diff --git a/.cvsignore b/.cvsignore
index e69de29..4d68bb5 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -0,0 +1 @@
+dumpasn1_20030222-1.diff.gz
diff --git a/dumpasn1.c b/dumpasn1.c
new file mode 100644
index 0000000..d996033
--- /dev/null
+++ b/dumpasn1.c
@@ -0,0 +1,2369 @@
+/* ASN.1 object dumping code, copyright Peter Gutmann
+ , based on ASN.1 dump program by David Kemp
+ , with contributions from various people including
+ Matthew Hamrick , Bruno Couillard
+ , Hallvard Furuseth
+ , Geoff Thorpe , David Boyce
+ , John Hughes , Life is hard,
+ and then you die , Hans-Olof Hermansson
+ , Tor Rustad ,
+ Kjetil Barvik , James Sweeny ,
+ Chris Ridd , and several other people whose names
+ I've misplaced. This code grew slowly over time without much design or
+ planning, with features being tacked on as required. It's not
+ representative of my normal coding style.
+
+ Available from http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.c.
+ Last updated 22 February 2003 (version 20030222, if you prefer it that
+ way). To build under Windows, use 'cl /MD dumpasn1.c'. To build on OS390
+ or z/OS, use '/bin/c89 -D OS390 -o dumpasn1 dumpasn1.c'.
+
+ This version of dumpasn1 requires a config file dumpasn1.cfg to be present
+ in the same location as the program itself or in a standard directory
+ where binaries live (it will run without it but will display a warning
+ message, you can configure the path either by hardcoding it in or using an
+ environment variable as explained further down). The config file is
+ available from http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.cfg.
+
+ This code assumes that the input data is binary, having come from a MIME-
+ aware mailer or been piped through a decoding utility if the original
+ format used base64 encoding. If you need to decode it, it's recommended
+ that you use a utility like uudeview, which will strip virtually any kind
+ of encoding (MIME, PEM, PGP, whatever) to recover the binary original.
+
+ You can use this code in whatever way you want, as long as you don't try
+ to claim you wrote it.
+
+ Editing notes: Tabs to 4, phasers to stun (and in case anyone wants to
+ complain about that, see "Program Indentation and Comprehensiblity",
+ Richard Miara, Joyce Musselman, Juan Navarro, and Ben Shneiderman,
+ Communications of the ACM, Vol.26, No.11 (November 1983), p.861) */
+
+#include
+#include
+#include
+#include
+#ifdef OS390
+ #include
+#endif /* OS390 */
+
+/* The update string, printed as part of the help screen */
+
+#define UPDATE_STRING "22 February 2003"
+
+/* Useful defines */
+
+#ifndef TRUE
+ #define FALSE 0
+ #define TRUE ( !FALSE )
+#endif /* TRUE */
+
+/* Tandem Guardian NonStop Kernel options */
+
+#ifdef __TANDEM
+ #pragma nolist /* Spare us the source listing, no GUI... */
+ #pragma nowarn (1506) /* Implicit type conversion: int to char etc */
+#endif /* __TANDEM */
+
+/* SunOS 4.x doesn't define seek codes or exit codes or FILENAME_MAX (it does
+ define _POSIX_MAX_PATH, but in funny locations and to different values
+ depending on which include file you use).
Strictly speaking this code + isn't right since we need to use PATH_MAX, however not all systems define + this, some use _POSIX_PATH_MAX, and then there are all sorts of variations + and other defines that you have to check, which require about a page of + code to cover each OS, so we just use max( FILENAME_MAX, 512 ) which + should work for everything */ + +#ifndef SEEK_SET + #define SEEK_SET 0 + #define SEEK_CUR 2 +#endif /* No fseek() codes defined */ +#ifndef EXIT_FAILURE + #define EXIT_FAILURE 1 + #define EXIT_SUCCESS ( !EXIT_FAILURE ) +#endif /* No exit() codes defined */ +#ifndef FILENAME_MAX + #define FILENAME_MAX 512 +#else + #if FILENAME_MAX < 128 + #undef FILENAME_MAX + #define FILENAME_MAX 512 + #endif /* FILENAME_MAX < 128 */ +#endif /* FILENAME_MAX */ + +/* Under Windows we can do special-case handling for paths and Unicode + strings (although in practice it can't really handle much except + latin-1) */ + +#if ( defined( _WINDOWS ) || defined( WIN32 ) || defined( _WIN32 ) || \ + defined( __WIN32__ ) ) + #define __WIN32__ +#endif /* Win32 */ + +/* Under Unix we can do special-case handling for paths and Unicode strings. + Detecting Unix systems is a bit tricky but the following should find most + versions. 
This define implicitly assumes that the system has wchar_t + support, but this is almost always the case except for very old systems, + so it's best to default to allow-all rather than deny-all */ + +#if defined( linux ) || defined( __linux__ ) || defined( sun ) || \ + defined( __bsdi__ ) || defined( __FreeBSD__ ) || defined( __NetBSD__ ) || \ + defined( __OpenBSD__ ) || defined( __hpux ) || defined( _M_XENIX ) || \ + defined( __osf__ ) || defined( _AIX ) || defined( __MACH__ ) + #define __UNIX__ +#endif /* Every commonly-used Unix */ +#if defined( linux ) || defined( __linux__ ) + #define __USE_ISOC99 + #include +#endif /* Linux */ + +/* For IBM mainframe OSes we use the Posix environment, so it looks like + Unix */ + +#ifdef OS390 + #define __OS390__ + #define __UNIX__ +#endif /* OS390 / z/OS */ + +/* Tandem NSK: Don't tangle with Tandem OSS, which is almost UNIX */ + +#ifdef __TANDEM + #ifdef _GUARDIAN_TARGET + #define __TANDEM_NSK__ + #else + #define __UNIX__ + #endif /* _GUARDIAN_TARGET */ +#endif /* __TANDEM */ + +/* Some OS's don't define the min() macro */ + +#ifndef min + #define min(a,b) ( ( a ) < ( b ) ? 
( a ) : ( b ) ) +#endif /* !min */ + +/* The level of recursion can get scary for deeply-nested structures so we + use a larger-than-normal stack under DOS */ + +#ifdef __TURBOC__ + extern unsigned _stklen = 16384; +#endif /* __TURBOC__ */ + +/* When we dump a nested data object encapsulated within a larger object, the + length is initially set to a magic value which is adjusted to the actual + length once we start parsing the object */ + +#define LENGTH_MAGIC 177545L + +/* Tag classes */ + +#define CLASS_MASK 0xC0 /* Bits 8 and 7 */ +#define UNIVERSAL 0x00 /* 0 = Universal (defined by ITU X.680) */ +#define APPLICATION 0x40 /* 1 = Application */ +#define CONTEXT 0x80 /* 2 = Context-specific */ +#define PRIVATE 0xC0 /* 3 = Private */ + +/* Encoding type */ + +#define FORM_MASK 0x20 /* Bit 6 */ +#define PRIMITIVE 0x00 /* 0 = primitive */ +#define CONSTRUCTED 0x20 /* 1 = constructed */ + +/* Universal tags */ + +#define TAG_MASK 0x1F /* Bits 5 - 1 */ +#define EOC 0x00 /* 0: End-of-contents octets */ +#define BOOLEAN 0x01 /* 1: Boolean */ +#define INTEGER 0x02 /* 2: Integer */ +#define BITSTRING 0x03 /* 2: Bit string */ +#define OCTETSTRING 0x04 /* 4: Byte string */ +#define NULLTAG 0x05 /* 5: NULL */ +#define OID 0x06 /* 6: Object Identifier */ +#define OBJDESCRIPTOR 0x07 /* 7: Object Descriptor */ +#define EXTERNAL 0x08 /* 8: External */ +#define REAL 0x09 /* 9: Real */ +#define ENUMERATED 0x0A /* 10: Enumerated */ +#define EMBEDDED_PDV 0x0B /* 11: Embedded Presentation Data Value */ +#define UTF8STRING 0x0C /* 12: UTF8 string */ +#define SEQUENCE 0x10 /* 16: Sequence/sequence of */ +#define SET 0x11 /* 17: Set/set of */ +#define NUMERICSTRING 0x12 /* 18: Numeric string */ +#define PRINTABLESTRING 0x13 /* 19: Printable string (ASCII subset) */ +#define T61STRING 0x14 /* 20: T61/Teletex string */ +#define VIDEOTEXSTRING 0x15 /* 21: Videotex string */ +#define IA5STRING 0x16 /* 22: IA5/ASCII string */ +#define UTCTIME 0x17 /* 23: UTC time */ +#define GENERALIZEDTIME 
0x18 /* 24: Generalized time */ +#define GRAPHICSTRING 0x19 /* 25: Graphic string */ +#define VISIBLESTRING 0x1A /* 26: Visible string (ASCII subset) */ +#define GENERALSTRING 0x1B /* 27: General string */ +#define UNIVERSALSTRING 0x1C /* 28: Universal string */ +#define BMPSTRING 0x1E /* 30: Basic Multilingual Plane/Unicode string */ + +/* Length encoding */ + +#define LEN_XTND 0x80 /* Indefinite or long form */ +#define LEN_MASK 0x7F /* Bits 7 - 1 */ + +/* Various special-case operations to perform on strings */ + +typedef enum { + STR_NONE, /* No special handling */ + STR_UTCTIME, /* Check it's UTCTime */ + STR_GENERALIZED, /* Check it's GeneralizedTime */ + STR_PRINTABLE, /* Check it's a PrintableString */ + STR_IA5, /* Check it's an IA5String */ + STR_LATIN1, /* Read and display string as latin-1 */ + STR_BMP, /* Read and display string as Unicode */ + STR_BMP_REVERSED /* STR_BMP with incorrect endianness */ + } STR_OPTION; + +/* Structure to hold info on an ASN.1 item */ + +typedef struct { + int id; /* Tag class + primitive/constructed */ + int tag; /* Tag */ + long length; /* Data length */ + int indefinite; /* Item has indefinite length */ + int headerSize; /* Size of tag+length */ + unsigned char header[ 8 ]; /* Tag+length data */ + } ASN1_ITEM; + +/* Config options */ + +static int printDots = FALSE; /* Whether to print dots to align columns */ +static int doPure = FALSE; /* Print data without LHS info column */ +static int doDumpHeader = FALSE; /* Dump tag+len in hex (level = 0, 1, 2) */ +static int extraOIDinfo = FALSE; /* Print extra information about OIDs */ +static int doHexValues = FALSE; /* Display size, offset in hex not dec.*/ +static int useStdin = FALSE; /* Take input from stdin */ +static int zeroLengthAllowed = FALSE;/* Zero-length items allowed */ +static int dumpText = FALSE; /* Dump text alongside hex data */ +static int printAllData = FALSE; /* Whether to print all data in long blocks */ +static int checkEncaps = TRUE; /* Print 
encaps.data in BIT/OCTET STRINGs */ +static int checkCharset = TRUE; /* Check val.of char strs.hidden in OCTET STRs */ +#ifndef __OS390__ +static int reverseBitString = TRUE; /* Print BIT STRINGs in natural order */ +#else +static int reverseBitString = FALSE;/* Natural order on OS390 is the same as ASN.1 */ +#endif /* __OS390__ */ +static int rawTimeString = FALSE; /* Print raw time strings */ +static int shallowIndent = FALSE; /* Perform shallow indenting */ + +/* The indent size and fixed indent string to the left of the data */ + +#if 0 +#define INDENT_SIZE 14 +#define INDENT_STRING " : " +#else +#define INDENT_SIZE 11 +#define INDENT_STRING " : " +#endif /* 0 */ + +/* The width of the output window. This isn't very consistently enforced, + for example for hex dumps we always dump 16 bytes at a time to give a nice + fixed-format display */ + +#define OUTPUT_WIDTH 80 + +/* Error and warning information */ + +static int noErrors = 0; /* Number of errors found */ +static int noWarnings = 0; /* Number of warnings */ + +/* Position in the input stream */ + +static int fPos = 0; /* Absolute position in data */ + +/* The output stream */ + +static FILE *output; /* Output stream */ + +/* Information on an ASN.1 Object Identifier */ + +#define MAX_OID_SIZE 32 + +typedef struct tagOIDINFO { + struct tagOIDINFO *next; /* Next item in list */ + char oid[ MAX_OID_SIZE ], *comment, *description; + int oidLength; /* Name, rank, serial number */ + int warn; /* Whether to warn if OID encountered */ + } OIDINFO; + +static OIDINFO *oidList = NULL; + +/* If the config file isn't present in the current directory, we search the + following paths (this is needed for Unix with dumpasn1 somewhere in the + path, since this doesn't set up argv[0] to the full path). Anything + beginning with a '$' uses the appropriate environment variable. 
In + addition under Unix we also walk down $PATH looking for it */ + +#ifdef __TANDEM_NSK__ + #define CONFIG_NAME "asn1cfg" +#else + #define CONFIG_NAME "dumpasn1.cfg" +#endif /* __TANDEM_NSK__ */ + +#if defined( __TANDEM_NSK__ ) + +static const char *configPaths[] = { + "$system.security", "$system.system", + + NULL + }; + +#elif defined( __WIN32__ ) + +static const char *configPaths[] = { + /* Windoze absolute paths. Usually things are on C:, but older NT setups + are easier to do on D: if the initial copy is done to C: */ + "c:\\dos\\", "d:\\dos\\", "c:\\windows\\", "d:\\windows\\", + "c:\\winnt\\", "d:\\winnt\\", + + /* It's my program, I'm allowed to hardcode in strange paths that no-one + else uses */ + "c:\\program files\\bin\\", + + /* This one seems to be popular as well */ + "c:\\program files\\utilities\\", + + /* General environment-based paths */ + "$DUMPASN1_PATH/", + + NULL + }; + +#elif defined( __OS390__ ) + +static const char *configPaths[] = { + /* General environment-based paths */ + "$DUMPASN1_PATH/", + + NULL + }; + +#else + +static const char *configPaths[] = { + #ifndef DEBIAN + /* Unix absolute paths */ + "/usr/bin/", "/usr/local/bin/", "/etc/dumpasn1/", + + /* Unix environment-based paths */ + "$HOME/", "$HOME/bin/", + + /* It's my program, I'm allowed to hardcode in strange paths that no-one + else uses */ + "$HOME/BIN/", + #else + /* Debian has specific places where you're supposed to dump things */ + "$HOME/", "/etc/dumpasn1/", + #endif /* DEBIAN-specific paths */ + + /* General environment-based paths */ + "$DUMPASN1_PATH/", + + NULL + }; +#endif /* OS-specific search paths */ + +#define isEnvTerminator( c ) \ + ( ( ( c ) == '/' ) || ( ( c ) == '.' 
) || ( ( c ) == '$' ) || \ + ( ( c ) == '\0' ) || ( ( c ) == '~' ) ) + +/**************************************************************************** +* * +* Object Identification/Description Routines * +* * +****************************************************************************/ + +/* Return descriptive strings for universal tags */ + +char *idstr( const int tagID ) + { + switch( tagID ) + { + case EOC: + return( "End-of-contents octets" ); + case BOOLEAN: + return( "BOOLEAN" ); + case INTEGER: + return( "INTEGER" ); + case BITSTRING: + return( "BIT STRING" ); + case OCTETSTRING: + return( "OCTET STRING" ); + case NULLTAG: + return( "NULL" ); + case OID: + return( "OBJECT IDENTIFIER" ); + case OBJDESCRIPTOR: + return( "ObjectDescriptor" ); + case EXTERNAL: + return( "EXTERNAL" ); + case REAL: + return( "REAL" ); + case ENUMERATED: + return( "ENUMERATED" ); + case EMBEDDED_PDV: + return( "EMBEDDED PDV" ); + case UTF8STRING: + return( "UTF8String" ); + case SEQUENCE: + return( "SEQUENCE" ); + case SET: + return( "SET" ); + case NUMERICSTRING: + return( "NumericString" ); + case PRINTABLESTRING: + return( "PrintableString" ); + case T61STRING: + return( "TeletexString" ); + case VIDEOTEXSTRING: + return( "VideotexString" ); + case IA5STRING: + return( "IA5String" ); + case UTCTIME: + return( "UTCTime" ); + case GENERALIZEDTIME: + return( "GeneralizedTime" ); + case GRAPHICSTRING: + return( "GraphicString" ); + case VISIBLESTRING: + return( "VisibleString" ); + case GENERALSTRING: + return( "GeneralString" ); + case UNIVERSALSTRING: + return( "UniversalString" ); + case BMPSTRING: + return( "BMPString" ); + default: + return( "Unknown (Reserved)" ); + } + } + +/* Return information on an object identifier */ + +static OIDINFO *getOIDinfo( char *oid, const int oidLength ) + { + OIDINFO *oidPtr; + + memset( oid + oidLength, 0, 2 ); + for( oidPtr = oidList; oidPtr != NULL; oidPtr = oidPtr->next ) + if( oidLength == oidPtr->oidLength - 2 && \ + !memcmp( oidPtr->oid 
+ 2, oid, oidLength ) ) + return( oidPtr ); + + return( NULL ); + } + +/* Add an OID attribute */ + +static int addAttribute( char **buffer, char *attribute ) + { + if( ( *buffer = ( char * ) malloc( strlen( attribute ) + 1 ) ) == NULL ) + { + puts( "Out of memory." ); + return( FALSE ); + } + strcpy( *buffer, attribute ); + return( TRUE ); + } + +/* Table to identify valid string chars (taken from cryptlib) */ + +#define P 1 /* PrintableString */ +#define I 2 /* IA5String */ +#define PI 3 /* IA5String and PrintableString */ + +static int charFlags[] = { + /* 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + /* 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + /* ! " # $ % & ' ( ) * + , - . / */ + PI, I, I, I, I, I, I, PI, PI, PI, I, PI, PI, PI, PI, PI, + /* 0 1 2 3 4 5 6 7 8 9 : ; < = > ? */ + PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, I, I, PI, I, PI, + /* @ A B C D E F G H I J K L M N O */ + I, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, + /* P Q R S T U V W X Y Z [ \ ] ^ _ */ + PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, I, I, I, I, I, + /* ` a b c d e f g h i j k l m n o */ + I, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, + /* p q r s t u v w x y z { | } ~ DL */ + PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, PI, I, I, I, I, 0 + }; + +static int isPrintable( int ch ) + { + if( ch >= 128 || !( charFlags[ ch ] & P ) ) + return( FALSE ); + return( TRUE ); + } + +static int isIA5( int ch ) + { + if( ch >= 128 || !( charFlags[ ch ] & I ) ) + return( FALSE ); + return( TRUE ); + } + +/**************************************************************************** +* * +* Config File Read Routines * +* * +****************************************************************************/ + +/* Files coming from DOS/Windows systems may have a ^Z (the CP/M EOF char) + at the end, so we need to filter this out */ + +#define CPM_EOF 0x1A /* ^Z = CPM 
EOF char */ + +/* The maximum input line length */ + +#define MAX_LINESIZE 512 + +/* Read a line of text from the config file */ + +static int lineNo; + +static int readLine( FILE *file, char *buffer ) + { + int bufCount = 0, ch; + + /* Skip whitespace */ + while( ( ( ch = getc( file ) ) == ' ' || ch == '\t' ) && !feof( file ) ); + + /* Get a line into the buffer */ + while( ch != '\r' && ch != '\n' && ch != CPM_EOF && !feof( file ) ) + { + /* Check for an illegal char in the data. Note that we don't just + check for chars with high bits set because these are legal in + non-ASCII strings */ + if( !isprint( ch ) ) + { + printf( "Bad character '%c' in config file line %d.\n", + ch, lineNo ); + return( FALSE ); + } + + /* Check to see if it's a comment line */ + if( ch == '#' && !bufCount ) + { + /* Skip comment section and trailing whitespace */ + while( ch != '\r' && ch != '\n' && ch != CPM_EOF && !feof( file ) ) + ch = getc( file ); + break; + } + + /* Make sure the line is of the correct length */ + if( bufCount > MAX_LINESIZE ) + { + printf( "Config file line %d too long.\n", lineNo ); + return( FALSE ); + } + else + if( ch ) /* Can happen if we read a binary file */ + buffer[ bufCount++ ] = ch; + + /* Get next character */ + ch = getc( file ); + } + + /* If we've just passed a CR, check for a following LF */ + if( ch == '\r' ) + if( ( ch = getc( file ) ) != '\n' ) + ungetc( ch, file ); + + /* Skip trailing whitespace and add der terminador */ + while( bufCount > 0 && + ( ( ch = buffer[ bufCount - 1 ] ) == ' ' || ch == '\t' ) ) + bufCount--; + buffer[ bufCount ] = '\0'; + + /* Handle special-case of ^Z if file came off an MSDOS system */ + if( ch == CPM_EOF ) + while( !feof( file ) ) + /* Keep going until we hit the true EOF (or some sort of error) */ + ch = getc( file ); + + return( ferror( file ) ? 
FALSE : TRUE ); + } + +/* Process an OID specified as space-separated hex digits */ + +static int processHexOID( OIDINFO *oidInfo, char *string ) + { + int value, index = 0; + + while( *string && index < MAX_OID_SIZE - 1 ) + { + if( sscanf( string, "%x", &value ) != 1 || value > 255 ) + { + printf( "Invalid hex value in config file line %d.\n", lineNo ); + return( FALSE ); + } + oidInfo->oid[ index++ ] = value; + string += 2; + if( *string && *string++ != ' ' ) + { + printf( "Invalid hex string in config file line %d.\n", lineNo ); + return( FALSE ); + } + } + oidInfo->oid[ index ] = 0; + oidInfo->oidLength = index; + if( index >= MAX_OID_SIZE - 1 ) + { + printf( "OID value in config file line %d too long.\n", lineNo ); + return( FALSE ); + } + return( TRUE ); + } + +/* Read a config file */ + +static int readConfig( const char *path, const int isDefaultConfig ) + { + OIDINFO dummyOID = { NULL, "Dummy", "Dummy", "Dummy", 1 }, *oidPtr; + FILE *file; + char buffer[ MAX_LINESIZE ]; + int status; + + /* Try and open the config file */ + if( ( file = fopen( path, "rb" ) ) == NULL ) + { + /* If we can't open the default config file, issue a warning but + continue anyway */ + if( isDefaultConfig ) + { + puts( "Cannot open config file 'dumpasn1.cfg', which should be in the same" ); + puts( "directory as the dumpasn1 program, a standard system directory, or" ); + puts( "in a location pointed to by the DUMPASN1_PATH environment variable." ); + puts( "Operation will continue without the ability to display Object " ); + puts( "Identifier information." ); + puts( "" ); + puts( "If the config file is located elsewhere, you can set the environment" ); + puts( "variable DUMPASN1_PATH to the path to the file." 
); + return( TRUE ); + } + + printf( "Cannot open config file '%s'.\n", path ); + return( FALSE ); + } + + /* Add the new config entries at the appropriate point in the OID list */ + if( oidList == NULL ) + oidPtr = &dummyOID; + else + for( oidPtr = oidList; oidPtr->next != NULL; oidPtr = oidPtr->next ); + + /* Read each line in the config file */ + lineNo = 1; + while( ( status = readLine( file, buffer ) ) == TRUE && !feof( file ) ) + { + /* If it's a comment line, skip it */ + if( !*buffer ) + { + lineNo++; + continue; + } + + /* Check for an attribute tag */ + if( !strncmp( buffer, "OID = ", 6 ) ) + { + /* Make sure all the required attributes for the current OID are + present */ + if( oidPtr->description == NULL ) + { + printf( "OID ending on config file line %d has no " + "description attribute.\n", lineNo - 1 ); + return( FALSE ); + } + + /* Allocate storage for the new OID */ + if( ( oidPtr->next = ( struct tagOIDINFO * ) \ + malloc( sizeof( OIDINFO ) ) ) == NULL ) + { + puts( "Out of memory." 
); + return( FALSE ); + } + oidPtr = oidPtr->next; + if( oidList == NULL ) + oidList = oidPtr; + memset( oidPtr, 0, sizeof( OIDINFO ) ); + + /* Add the new OID */ + if( !processHexOID( oidPtr, buffer + 6 ) ) + return( FALSE ); + } + else if( !strncmp( buffer, "Description = ", 14 ) ) + { + if( oidPtr->description != NULL ) + { + printf( "Duplicate OID description in config file line %d.\n", + lineNo ); + return( FALSE ); + } + if( !addAttribute( &oidPtr->description, buffer + 14 ) ) + return( FALSE ); + } + else if( !strncmp( buffer, "Comment = ", 10 ) ) + { + if( oidPtr->comment != NULL ) + { + printf( "Duplicate OID comment in config file line %d.\n", + lineNo ); + return( FALSE ); + } + if( !addAttribute( &oidPtr->comment, buffer + 10 ) ) + return( FALSE ); + } + else if( !strncmp( buffer, "Warning", 7 ) ) + { + if( oidPtr->warn ) + { + printf( "Duplicate OID warning in config file line %d.\n", + lineNo ); + return( FALSE ); + } + oidPtr->warn = TRUE; + } + else + { + printf( "Unrecognised attribute '%s', line %d.\n", buffer, + lineNo ); + return( FALSE ); + } + + lineNo++; + } + fclose( file ); + + return( status ); + } + +/* Check for the existence of a config file path (access() isn't available + on all systems) */ + +static int testConfigPath( const char *path ) + { + FILE *file; + + /* Try and open the config file */ + if( ( file = fopen( path, "rb" ) ) == NULL ) + return( FALSE ); + fclose( file ); + + return( TRUE ); + } + +/* Build a config path by substituting environment strings for $NAMEs */ + +static void buildConfigPath( char *path, const char *pathTemplate ) + { + char pathBuffer[ FILENAME_MAX ], newPath[ FILENAME_MAX ]; + int pathLen, pathPos = 0, newPathPos = 0; + + /* Add the config file name at the end */ + strcpy( pathBuffer, pathTemplate ); + strcat( pathBuffer, CONFIG_NAME ); + pathLen = strlen( pathBuffer ); + + while( pathPos < pathLen ) + { + char *strPtr; + int substringSize; + + /* Find the next $ and copy the data before it to the new 
path */ + if( ( strPtr = strstr( pathBuffer + pathPos, "$" ) ) != NULL ) + substringSize = ( int ) ( ( strPtr - pathBuffer ) - pathPos ); + else + substringSize = pathLen - pathPos; + if( substringSize > 0 ) + memcpy( newPath + newPathPos, pathBuffer + pathPos, + substringSize ); + newPathPos += substringSize; + pathPos += substringSize; + + /* Get the environment string for the $NAME */ + if( strPtr != NULL ) + { + char envName[ MAX_LINESIZE ], *envString; + int i; + + /* Skip the '$', find the end of the $NAME, and copy the name + into an internal buffer */ + pathPos++; /* Skip the $ */ + for( i = 0; !isEnvTerminator( pathBuffer[ pathPos + i ] ); i++ ); + memcpy( envName, pathBuffer + pathPos, i ); + envName[ i ] = '\0'; + + /* Get the env.string and copy it over */ + if( ( envString = getenv( envName ) ) != NULL ) + { + const int envStrLen = strlen( envString ); + + if( newPathPos + envStrLen < FILENAME_MAX - 2 ) + { + memcpy( newPath + newPathPos, envString, envStrLen ); + newPathPos += envStrLen; + } + } + pathPos += i; + } + } + newPath[ newPathPos ] = '\0'; /* Add der terminador */ + + /* Copy the new path to the output */ + strcpy( path, newPath ); + } + +/* Read the global config file */ + +static int readGlobalConfig( const char *path ) + { + char buffer[ FILENAME_MAX ]; + char *searchPos = ( char * ) path, *namePos, *lastPos = NULL; +#ifdef __UNIX__ + char *envPath; +#endif /* __UNIX__ */ + int i; + + /* First, try and find the config file in the same directory as the + executable by walking down the path until we find the last occurrence + of the program name. 
This requires that argv[0] be set up properly, + which isn't the case if Unix search paths are being used, and seems + to be pretty broken under Windows */ + do + { + namePos = lastPos; + lastPos = strstr( searchPos, "dumpasn1" ); + if( lastPos == NULL ) + lastPos = strstr( searchPos, "DUMPASN1" ); + searchPos = lastPos + 1; + } + while( lastPos != NULL ); +#ifdef __UNIX__ + if( namePos == NULL && ( namePos = strrchr( path, '/' ) ) != NULL ) + { + const int endPos = ( int ) ( namePos - path ) + 1; + + /* If the executable isn't called dumpasn1, we won't be able to find + it with the above code, fall back to looking for directory + separators. This requires a system where the only separator is + the directory separator (ie it doesn't work for Windows or most + mainframe environments) */ + if( endPos < FILENAME_MAX - 13 ) + { + memcpy( buffer, path, endPos ); + strcpy( buffer + endPos, CONFIG_NAME ); + if( testConfigPath( buffer ) ) + return( readConfig( buffer, TRUE ) ); + } + + /* That didn't work, try the absolute locations and $PATH */ + namePos = NULL; + } +#endif /* __UNIX__ */ + if( strlen( path ) < FILENAME_MAX - 13 && namePos != NULL ) + { + strcpy( buffer, path ); + strcpy( buffer + ( int ) ( namePos - ( char * ) path ), CONFIG_NAME ); + if( testConfigPath( buffer ) ) + return( readConfig( buffer, TRUE ) ); + } + + /* Now try each of the possible absolute locations for the config file */ + for( i = 0; configPaths[ i ] != NULL; i++ ) + { + buildConfigPath( buffer, configPaths[ i ] ); + if( testConfigPath( buffer ) ) + return( readConfig( buffer, TRUE ) ); + } + +#ifdef __UNIX__ + /* On Unix systems we can also search for the config file on $PATH */ + if( ( envPath = getenv( "PATH" ) ) != NULL ) + { + char *pathPtr = strtok( envPath, ":" ); + + do + { + sprintf( buffer, "%s/%s", pathPtr, CONFIG_NAME ); + if( testConfigPath( buffer ) ) + return( readConfig( buffer, TRUE ) ); + pathPtr = strtok( NULL, ":" ); + } + while( pathPtr != NULL ); + } +#endif /* 
__UNIX__ */ + + /* Default to just the config name (which should fail as it was the + first entry in configPaths[]). readConfig() will display the + appropriate warning */ + return( readConfig( CONFIG_NAME, TRUE ) ); + } + +/**************************************************************************** +* * +* Output/Formatting Routines * +* * +****************************************************************************/ + +#ifdef __OS390__ + +static int asciiToEbcdic( const int ch ) + { + char convBuffer[ 2 ]; + + convBuffer[ 0 ] = ch; + convBuffer[ 1 ] = '\0'; + __atoe( convBuffer ); /* Convert ASCII to EBCDIC for 390 */ + return( convBuffer[ 0 ] ); + } +#endif /* __OS390__ */ + +/* Indent a string by the appropriate amount */ + +static void doIndent( const int level ) + { + int i; + + for( i = 0; i < level; i++ ) + fprintf( output, printDots ? ". " : \ + shallowIndent ? " " : " " ); + } + +/* Complain about an error in the ASN.1 object */ + +static void complain( const char *message, const int level ) + { + if( !doPure ) + fprintf( output, INDENT_STRING ); + doIndent( level + 1 ); + fprintf( output, "Error: %s.\n", message ); + noErrors++; + } + +/* Dump data as a string of hex digits up to a maximum of 128 bytes */ + +static void dumpHex( FILE *inFile, long length, int level, int isInteger ) + { + const int lineLength = ( dumpText ) ? 8 : 16; + char printable[ 9 ]; + long noBytes = length; + int zeroPadded = FALSE, warnPadding = FALSE, warnNegative = isInteger; + int singleLine = FALSE; + int maxLevel = ( doPure ) ? 15 : 8, i; + + /* Check if LHS status info + indent + "OCTET STRING" string + data will + wrap */ + if( ( ( doPure ) ? 
0 : INDENT_SIZE ) + ( level * 2 ) + 12 + \ + ( length * 3 ) < OUTPUT_WIDTH ) + singleLine = TRUE; + + if( noBytes > 128 && !printAllData ) + noBytes = 128; /* Only output a maximum of 128 bytes */ + if( level > maxLevel ) + level = maxLevel; /* Make sure we don't go off edge of screen */ + printable[ 8 ] = printable[ 0 ] = '\0'; + for( i = 0; i < noBytes; i++ ) + { + int ch; + + if( !( i % lineLength ) ) + { + if( singleLine ) + putchar( ' ' ); + else + { + if( dumpText ) + { + /* If we're dumping text alongside the hex data, print + the accumulated text string */ + fputs( " ", output ); + fputs( printable, output ); + } + fputc( '\n', output ); + if( !doPure ) + fprintf( output, INDENT_STRING ); + doIndent( level + 1 ); + } + } + ch = getc( inFile ); + fprintf( output, "%s%02X", i % lineLength ? " " : "", ch ); + printable[ i % 8 ] = ( ch >= ' ' && ch < 127 ) ? ch : '.'; + fPos++; + + /* If we need to check for negative values and zero padding, check + this now */ + if( !i ) + { + if( !ch ) + zeroPadded = TRUE; + if( !( ch & 0x80 ) ) + warnNegative = FALSE; + } + if( i == 1 && zeroPadded && ch < 0x80 ) + warnPadding = TRUE; + } + if( dumpText ) + { + /* Print any remaining text */ + i %= lineLength; + printable[ i ] = '\0'; + while( i < lineLength ) + { + fprintf( output, " " ); + i++; + } + fputs( " ", output ); + fputs( printable, output ); + } + if( length > 128 && !printAllData ) + { + length -= 128; + fputc( '\n', output ); + if( !doPure ) + fprintf( output, INDENT_STRING ); + doIndent( level + 5 ); + fprintf( output, "[ Another %ld bytes skipped ]", length ); + fPos += length; + if( useStdin ) + { + while( length-- ) + getc( inFile ); + } + else + fseek( inFile, length, SEEK_CUR ); + } + fputs( "\n", output ); + + if( isInteger ) + { + if( warnPadding ) + complain( "Integer has non-DER encoding", level ); + if( warnNegative ) + complain( "Integer has a negative value", level ); + } + } + +/* Dump a bitstring, reversing the bits into the standard order in the 
+ process */ + +static void dumpBitString( FILE *inFile, const int length, const int unused, + const int level ) + { + unsigned int bitString = 0, currentBitMask = 0x80, remainderMask = 0xFF; + int bitFlag, value = 0, noBits, bitNo = -1, i; + char *errorStr = NULL; + + if( unused < 0 || unused > 7 ) + complain( "Invalid number of unused bits", level ); + noBits = ( length * 8 ) - unused; + + /* ASN.1 bitstrings start at bit 0, so we need to reverse the order of + the bits if necessary */ + if( length ) + { + bitString = fgetc( inFile ); + fPos++; + } + for( i = noBits - 8; i > 0; i -= 8 ) + { + bitString = ( bitString << 8 ) | fgetc( inFile ); + currentBitMask <<= 8; + remainderMask = ( remainderMask << 8 ) | 0xFF; + fPos++; + } + if( reverseBitString ) + { + for( i = 0, bitFlag = 1; i < noBits; i++ ) + { + if( bitString & currentBitMask ) + value |= bitFlag; + if( !( bitString & remainderMask ) ) + /* The last valid bit should be a one bit */ + errorStr = "Spurious zero bits in bitstring"; + bitFlag <<= 1; + bitString <<= 1; + } + if( noBits < sizeof( int ) && \ + ( ( remainderMask << noBits ) & value ) ) + /* There shouldn't be any bits set after the last valid one. We + have to do the noBits check to avoid a fencepost error when + there's exactly 32 bits */ + errorStr = "Spurious one bits in bitstring"; + } + else + value = bitString; + + /* Now that it's in the right order, dump it. If there's only one bit + set (which is often the case for bit flags) we also print the bit + number to save users having to count the zeroes to figure out which + flag is set */ + fputc( '\n', output ); + if( !doPure ) + fprintf( output, INDENT_STRING ); + doIndent( level + 1 ); + fputc( '\'', output ); + if( reverseBitString ) + currentBitMask = 1 << ( noBits - 1 ); + for( i = 0; i < noBits; i++ ) + { + if( value & currentBitMask ) + { + bitNo = ( bitNo == -1 ) ? 
( noBits - 1 ) - i : -2;
+ fputc( '1', output );
+ }
+ else
+ fputc( '0', output );
+ currentBitMask >>= 1;
+ }
+ if( bitNo >= 0 )
+ fprintf( output, "'B (bit %d)\n", bitNo );
+ else
+ fputs( "'B\n", output );
+
+ if( errorStr != NULL )
+ complain( errorStr, level );
+ }
+
+/* Display data as a text string up to a maximum of 240 characters (8 lines
+ of 48 chars to match the hex limit of 8 lines of 16 bytes) with special
+ treatement for control characters and other odd things that can turn up
+ in BMPString and UniversalString types.
+
+ If the string is less than 40 chars in length, we try to print it on the
+ same line as the rest of the text (even if it wraps), otherwise we break
+ it up into 48-char chunks in a somewhat less nice text-dump format */
+
+static void displayString( FILE *inFile, long length, int level,
+ STR_OPTION strOption )
+ {
+ char timeStr[ 64 ];
+#ifdef __OS390__
+ char convBuffer[ 2 ];
+#endif /* __OS390__ */
+ long noBytes = length;
+ int lineLength = 48, maxLevel = ( doPure ) ? 15 : 8, i;
+ int firstTime = TRUE, doTimeStr = FALSE, warnIA5 = FALSE;
+ int warnPrintable = FALSE, warnTime = FALSE, warnBMP = FALSE;
+
+ if( noBytes > 384 && !printAllData )
+ noBytes = 384; /* Only output a maximum of 384 bytes */
+ if( strOption == STR_UTCTIME || strOption == STR_GENERALIZED )
+ {
+ if( ( strOption == STR_UTCTIME && length != 13 ) || \
+ ( strOption == STR_GENERALIZED && length != 15 ) )
+ warnTime = TRUE;
+ else
+ doTimeStr = rawTimeString ? 
FALSE : TRUE;
+ }
+ if( !doTimeStr && length <= 40 )
+ fprintf( output, " '" ); /* Print string on same line */
+ if( level > maxLevel )
+ level = maxLevel; /* Make sure we don't go off edge of screen */
+ for( i = 0; i < noBytes; i++ )
+ {
+ int ch;
+
+ /* If the string is longer than 40 chars, break it up into multiple
+ sections */
+ if( length > 40 && !( i % lineLength ) )
+ {
+ if( !firstTime )
+ fputc( '\'', output );
+ fputc( '\n', output );
+ if( !doPure )
+ fprintf( output, INDENT_STRING );
+ doIndent( level + 1 );
+ fputc( '\'', output );
+ firstTime = FALSE;
+ }
+ ch = getc( inFile );
+#if defined( __WIN32__ ) || defined( __UNIX__ ) || defined( __OS390__ )
+ if( strOption == STR_BMP )
+ {
+ if( i == noBytes - 1 && ( noBytes & 1 ) )
+ /* Odd-length BMP string, complain */
+ warnBMP = TRUE;
+ else
+ {
+ const wchar_t wCh = ( ch << 8 ) | getc( inFile );
+ char outBuf[ 8 ];
+#ifdef __OS390__
+ char *p;
+#endif /* OS-specific charset handling */
+ int outLen;
+
+ /* Attempting to display Unicode characters is pretty hit and
+ miss, and if it fails nothing is displayed. To try and
+ detect this we use wcstombs() to see if anything can be
+ displayed, if it can't we drop back to trying to display
+ the data as non-Unicode. 
There's one exception to this
+ case, which is for a wrong-endianness Unicode string, for
+ which the first character looks like a single ASCII char */
+ outLen = wcstombs( outBuf, &wCh, 1 );
+ if( outLen < 1 )
+ /* Can't be displayed as Unicode, fall back to
+ displaying it as normal text */
+ ungetc( wCh & 0xFF, inFile );
+ else
+ {
+ lineLength++;
+ i++; /* We've read two characters for a wchar_t */
+#if defined( __WIN32__ ) || \
+ ( defined( __UNIX__ ) && !( defined( __MACH__ ) || defined( __OpenBSD__ ) ) )
+
+ wprintf( L"%c", wCh );
+#else
+ #ifdef __OS390__
+ /* This could use some improvement */
+ for( p = outBuf; *p != '\0'; p++ )
+ *p = asciiToEbcdic( *p );
+ #endif /* IBM ASCII -> EBCDIC conversion */
+ fprintf( output, "%s", outBuf );
+#endif /* OS-specific charset handling */
+ fPos += 2;
+ continue;
+ }
+ }
+ }
+#endif /* __WIN32__ || __UNIX__ || __OS390__ */
+ switch( strOption )
+ {
+ case STR_PRINTABLE:
+ case STR_IA5:
+ case STR_LATIN1:
+ if( strOption == STR_PRINTABLE && !isPrintable( ch ) )
+ warnPrintable = TRUE;
+ if( strOption == STR_IA5 && !isIA5( ch ) )
+ warnIA5 = TRUE;
+ if( strOption == STR_LATIN1 )
+ {
+ if( !isprint( ch & 0x7F ) )
+ ch = '.'; /* Convert non-ASCII to placeholders */
+ }
+ else
+ if( !isprint( ch ) )
+ ch = '.'; /* Convert non-ASCII to placeholders */
+#ifdef __OS390__
+ ch = asciiToEbcdic( ch );
+#endif /* __OS390__ */
+ break;
+
+ case STR_UTCTIME:
+ case STR_GENERALIZED:
+ if( !isdigit( ch ) && ch != 'Z' )
+ {
+ warnTime = TRUE;
+ if( !isprint( ch ) )
+ ch = '.'; /* Convert non-ASCII to placeholders */
+ }
+#ifdef __OS390__
+ ch = asciiToEbcdic( ch );
+#endif /* __OS390__ */
+ break;
+
+ case STR_BMP_REVERSED:
+ if( i == noBytes - 1 && ( noBytes & 1 ) )
+ /* Odd-length BMP string, complain */
+ warnBMP = TRUE;
+
+ /* Wrong-endianness BMPStrings (Microsoft Unicode) can't be
+ handled through the usual widechar-handling mechanism
+ above since the first widechar looks like an ASCII char
+ followed by a null terminator, 
so we just treat them as
+ ASCII chars, skipping the following zero byte. This is
+ safe since the code that detects reversed BMPStrings
+ has already checked that every second byte is zero */
+ getc( inFile );
+ i++;
+ fPos++;
+ /* Drop through */
+
+ default:
+ if( !isprint( ch ) )
+ ch = '.'; /* Convert control chars to placeholders */
+#ifdef __OS390__
+ ch = asciiToEbcdic( ch );
+#endif /* __OS390__ */
+ }
+ if( doTimeStr )
+ timeStr[ i ] = ch;
+ else
+ fputc( ch, output );
+ fPos++;
+ }
+ if( length > 384 && !printAllData )
+ {
+ length -= 384;
+ fprintf( output, "'\n" );
+ if( !doPure )
+ fprintf( output, INDENT_STRING );
+ doIndent( level + 5 );
+ fprintf( output, "[ Another %ld characters skipped ]", length );
+ fPos += length;
+ while( length-- )
+ {
+ int ch = getc( inFile );
+
+ if( strOption == STR_PRINTABLE && !isPrintable( ch ) )
+ warnPrintable = TRUE;
+ if( strOption == STR_IA5 && !isIA5( ch ) )
+ warnIA5 = TRUE;
+ }
+ }
+ else
+ if( doTimeStr )
+ {
+ const char *timeStrPtr = ( strOption == STR_UTCTIME ) ? \
+ timeStr : timeStr + 2;
+
+ fprintf( output, " %c%c/%c%c/", timeStrPtr[ 4 ], timeStrPtr[ 5 ],
+ timeStrPtr[ 2 ], timeStrPtr[ 3 ] );
+ if( strOption == STR_UTCTIME )
+ fprintf( output, ( timeStr[ 0 ] < '5' ) ? 
"20" : "19" );
+ else
+ fprintf( output, "%c%c", timeStr[ 0 ], timeStr[ 1 ] );
+ fprintf( output, "%c%c %c%c:%c%c:%c%c GMT", timeStrPtr[ 0 ],
+ timeStrPtr[ 1 ], timeStrPtr[ 6 ], timeStrPtr[ 7 ],
+ timeStrPtr[ 8 ], timeStrPtr[ 9 ], timeStrPtr[ 10 ],
+ timeStrPtr[ 11 ] );
+ }
+ else
+ fputc( '\'', output );
+ fputc( '\n', output );
+
+ /* Display any problems we encountered */
+ if( warnPrintable )
+ complain( "PrintableString contains illegal character(s)", level );
+ if( warnIA5 )
+ complain( "IA5String contains illegal character(s)", level );
+ if( warnTime )
+ complain( "Time is encoded incorrectly", level );
+ if( warnBMP )
+ complain( "BMPString has missing final byte/half character", level );
+ }
+
+/****************************************************************************
+* *
+* ASN.1 Parsing Routines *
+* *
+****************************************************************************/
+
+/* Get an integer value */
+
+static long getValue( FILE *inFile, const long length )
+ {
+ long value;
+ char ch;
+ int i;
+
+ ch = getc( inFile );
+ value = ch;
+ for( i = 0; i < length - 1; i++ )
+ value = ( value << 8 ) | getc( inFile );
+ fPos += length;
+
+ return( value );
+ }
+
+/* Get an ASN.1 objects tag and length */
+
+int getItem( FILE *inFile, ASN1_ITEM *item )
+ {
+ int tag, length, index = 0;
+
+ memset( item, 0, sizeof( ASN1_ITEM ) );
+ item->indefinite = FALSE;
+ tag = item->header[ index++ ] = fgetc( inFile );
+ item->id = tag & ~TAG_MASK;
+ tag &= TAG_MASK;
+ if( tag == TAG_MASK )
+ {
+ int value;
+
+ /* Long tag encoded as sequence of 7-bit values. 
This doesn't try to
+ handle tags > INT_MAX, it'd be pretty peculiar ASN.1 if it had to
+ use tags this large */
+ tag = 0;
+ do
+ {
+ value = fgetc( inFile );
+ tag = ( tag << 7 ) | ( value & 0x7F );
+ item->header[ index++ ] = value;
+ fPos++;
+ }
+ while( value & LEN_XTND && index < 5 && !feof( inFile ) );
+ if( index == 5 )
+ {
+ fPos++; /* Tag */
+ return( FALSE );
+ }
+ }
+ item->tag = tag;
+ if( feof( inFile ) )
+ {
+ fPos++;
+ return( FALSE );
+ }
+ fPos += 2; /* Tag + length */
+ length = item->header[ index++ ] = fgetc( inFile );
+ item->headerSize = index;
+ if( length & LEN_XTND )
+ {
+ int i;
+
+ length &= LEN_MASK;
+ if( length > 4 )
+ /* Impossible length value, probably because we've run into
+ the weeds */
+ return( -1 );
+ item->headerSize += length;
+ item->length = 0;
+ if( !length )
+ item->indefinite = TRUE;
+ for( i = 0; i < length; i++ )
+ {
+ int ch = fgetc( inFile );
+
+ item->length = ( item->length << 8 ) | ch;
+ item->header[ i + index ] = ch;
+ }
+ fPos += length;
+ }
+ else
+ item->length = length;
+
+ return( TRUE );
+ }
+
+/* Check whether a BIT STRING or OCTET STRING encapsulates another object */
+
+static int checkEncapsulate( FILE *inFile, const int tag, const int length )
+ {
+ ASN1_ITEM nestedItem;
+ const int currentPos = fPos;
+ int diffPos;
+
+ /* If we're not looking for encapsulated objects, return */
+ if( !checkEncaps )
+ return( FALSE );
+
+ /* Read the details of the next item in the input stream */
+ getItem( inFile, &nestedItem );
+ diffPos = fPos - currentPos;
+ fPos = currentPos;
+ fseek( inFile, -diffPos, SEEK_CUR );
+
+ /* If it fits exactly within the current item and has a valid-looking
+ tag, treat it as nested data */
+ if( ( ( nestedItem.id & CLASS_MASK ) == UNIVERSAL || \
+ ( nestedItem.id & CLASS_MASK ) == CONTEXT ) && \
+ ( nestedItem.tag > 0 && nestedItem.tag <= 0x31 ) && \
+ nestedItem.length == length - diffPos )
+ return( TRUE );
+
+ return( FALSE );
+ }
+
+/* Check whether a zero-length item is OK 
*/
+
+int zeroLengthOK( const ASN1_ITEM *item )
+ {
+ /* An implicitly-tagged NULL can have a zero length. An occurrence of this
+ type of item is almost always an error, however OCSP uses a weird status
+ encoding that encodes result values in tags and then has to use a NULL
+ value to indicate that there's nothing there except the tag that encodes
+ the status, so we allow this as well if zero-length content is explicitly
+ enabled */
+ if( zeroLengthAllowed && ( item->id & CLASS_MASK ) == CONTEXT )
+ return( TRUE );
+
+ /* If we can't recognise the type from the tag, reject it */
+ if( ( item->id & CLASS_MASK ) != UNIVERSAL )
+ return( FALSE );
+
+ /* The following types are zero-length by definition */
+ if( item->tag == EOC || item->tag == NULLTAG )
+ return( TRUE );
+
+ /* A real with a value of zero has zero length */
+ if( item->tag == REAL )
+ return( TRUE );
+
+ /* Everything after this point requires input from the user to say that
+ zero-length data is OK (usually it's not, so we flag it as a
+ problem) */
+ if( !zeroLengthAllowed )
+ return( FALSE );
+
+ /* String types can have zero length except for the Unrestricted
+ Character String type ([UNIVERSAL 29]) which has to have at least one
+ octet for the CH-A/CH-B index */
+ if( item->tag == OCTETSTRING || item->tag == NUMERICSTRING || \
+ item->tag == PRINTABLESTRING || item->tag == T61STRING || \
+ item->tag == VIDEOTEXSTRING || item->tag == VISIBLESTRING || \
+ item->tag == IA5STRING || item->tag == GRAPHICSTRING || \
+ item->tag == GENERALSTRING || item->tag == UNIVERSALSTRING || \
+ item->tag == BMPSTRING || item->tag == UTF8STRING || \
+ item->tag == OBJDESCRIPTOR )
+ return( TRUE );
+
+ /* SEQUENCE and SET can be zero if there are absent optional/default
+ components */
+ if( item->tag == SEQUENCE || item->tag == SET )
+ return( TRUE );
+
+ return( FALSE );
+ }
+
+/* Check whether the next item looks like text */
+
+static int checkForText( FILE *inFile, const int length )
+ {
+ char buffer[ 16 
];
+ int isBMP = FALSE, isUnicode = FALSE;
+ int sampleLength = min( length, 16 ), i;
+
+ /* If the sample is very short, we're more careful about what we
+ accept */
+ if( sampleLength < 4 )
+ {
+ /* If the sample size is too small, don't try anything */
+ if( sampleLength <= 2 )
+ return( STR_NONE );
+
+ /* For samples of 3-4 characters we only allow ASCII text. These
+ short strings are used in some places (eg PKCS #12 files) as
+ IDs */
+ sampleLength = fread( buffer, 1, sampleLength, inFile );
+ fseek( inFile, -sampleLength, SEEK_CUR );
+ for( i = 0; i < sampleLength; i++ )
+ if( !( isalpha( buffer[ i ] ) || isdigit( buffer[ i ] ) || \
+ isspace( buffer[ i ] ) ) )
+ return( STR_NONE );
+ return( STR_IA5 );
+ }
+
+ /* Check for ASCII-looking text */
+ sampleLength = fread( buffer, 1, sampleLength, inFile );
+ fseek( inFile, -sampleLength, SEEK_CUR );
+ if( isdigit( buffer[ 0 ] ) && ( length == 13 || length == 15 ) && \
+ buffer[ length - 1 ] == 'Z' )
+ {
+ /* It looks like a time string, make sure it really is one */
+ for( i = 0; i < length - 1; i++ )
+ if( !isdigit( buffer[ i ] ) )
+ break;
+ if( i == length - 1 )
+ return( ( length == 13 ) ? STR_UTCTIME : STR_GENERALIZED );
+ }
+ for( i = 0; i < sampleLength; i++ )
+ {
+ /* If even bytes are zero, it could be a BMPString. 
Initially
+ we set isBMP to FALSE, if it looks like a BMPString we set it to
+ TRUE, if we then encounter a nonzero byte it's neither an ASCII
+ nor a BMPString */
+ if( !( i & 1 ) )
+ {
+ if( !buffer[ i ] )
+ {
+ /* If we thought we were in a Unicode string but we've found a
+ zero byte where it'd occur in a BMP string, it's neither a
+ Unicode nor BMP string */
+ if( isUnicode )
+ return( STR_NONE );
+
+ /* We've collapsed the eigenstate (in an earlier incarnation
+ isBMP could take values of -1, 0, or 1, with 0 being
+ undecided, in which case this comment made a bit more
+ sense) */
+ if( i < sampleLength - 2 )
+ /* If the last char(s) are zero but preceding ones
+ weren't, don't treat it as a BMP string. This can
+ happen when storing a null-terminated string if the
+ implementation gets the length wrong and stores the
+ null as well */
+ isBMP = TRUE;
+ continue;
+ }
+ else
+ /* If we thought we were in a BMPString but we've found a
+ nonzero byte where there should be a zero, it's neither
+ an ASCII nor BMP string */
+ if( isBMP )
+ return( STR_NONE );
+ }
+ else
+ {
+ /* Just to make it tricky, Microsoft stuff Unicode strings into
+ some places (to avoid having to convert them to BMPStrings,
+ presumably) so we have to check for these as well */
+ if( !buffer[ i ] )
+ {
+ if( isBMP )
+ return( STR_NONE );
+ isUnicode = TRUE;
+ continue;
+ }
+ else
+ if( isUnicode )
+ return( STR_NONE );
+ }
+ if( buffer[ i ] < 0x20 || buffer[ i ] > 0x7E )
+ return( STR_NONE );
+ }
+
+ /* It looks like a text string */
+ return( isUnicode ? STR_BMP_REVERSED : isBMP ? 
STR_BMP : STR_IA5 );
+ }
+
+/* Dump the header bytes for an object, useful for vgrepping the original
+ object from a hex dump */
+
+static void dumpHeader( FILE *inFile, const ASN1_ITEM *item )
+ {
+ int extraLen = 24 - item->headerSize, i;
+
+ /* Dump the tag and length bytes */
+ if( !doPure )
+ fprintf( output, " " );
+ fprintf( output, "<%02X", *item->header );
+ for( i = 1; i < item->headerSize; i++ )
+ fprintf( output, " %02X", item->header[ i ] );
+
+ /* If we're asked for more, dump enough extra data to make up 24 bytes.
+ This is somewhat ugly since it assumes we can seek backwards over the
+ data, which means it won't always work on streams */
+ if( extraLen > 0 && doDumpHeader > 1 )
+ {
+ /* Make sure we don't print too much data. This doesn't work for
+ indefinite-length data, we don't try and guess the length with
+ this since it involves picking apart what we're printing */
+ if( extraLen > item->length && !item->indefinite )
+ extraLen = ( int ) item->length;
+
+ for( i = 0; i < extraLen; i++ )
+ {
+ int ch = fgetc( inFile );
+
+ if( feof( inFile ) )
+ extraLen = i; /* Exit loop and get fseek() correct */
+ else
+ fprintf( output, " %02X", ch );
+ }
+ fseek( inFile, -extraLen, SEEK_CUR );
+ }
+
+ fputs( ">\n", output );
+ }
+
+/* Print a constructed ASN.1 object */
+
+int printAsn1( FILE *inFile, const int level, long length, const int isIndefinite );
+
+static void printConstructed( FILE *inFile, int level, const ASN1_ITEM *item )
+ {
+ int result;
+
+ /* Special case for zero-length objects */
+ if( !item->length && !item->indefinite )
+ {
+ fputs( " {}\n", output );
+ return;
+ }
+
+ fputs( " {\n", output );
+ result = printAsn1( inFile, level + 1, item->length, item->indefinite );
+ if( result )
+ {
+ fprintf( output, "Error: Inconsistent object length, %d byte%s "
+ "difference.\n", result, ( result > 1 ) ? "s" : "" );
+ noErrors++;
+ }
+ if( !doPure )
+ fprintf( output, INDENT_STRING );
+ fprintf( output, ( printDots ) ? ". 
" : " " );
+ doIndent( level );
+ fputs( "}\n", output );
+ }
+
+/* Print a single ASN.1 object */
+
+void printASN1object( FILE *inFile, ASN1_ITEM *item, int level )
+ {
+ OIDINFO *oidInfo;
+ STR_OPTION stringType;
+ char buffer[ MAX_OID_SIZE ];
+ long value;
+ int x, y;
+
+ if( ( item->id & CLASS_MASK ) != UNIVERSAL )
+ {
+ static const char *const classtext[] =
+ { "UNIVERSAL ", "APPLICATION ", "", "PRIVATE " };
+
+ /* Print the object type */
+ fprintf( output, "[%s%d]",
+ classtext[ ( item->id & CLASS_MASK ) >> 6 ], item->tag );
+
+ /* Perform a sanity check */
+ if( ( item->tag != NULLTAG ) && ( item->length < 0 ) )
+ {
+ int i;
+
+ fprintf( stderr, "\nError: Object has bad length field, tag = %02X, "
+ "length = %lX, value =", item->tag, item->length );
+ fprintf( stderr, "<%02X", *item->header );
+ for( i = 1; i < item->headerSize; i++ )
+ fprintf( stderr, " %02X", item->header[ i ] );
+ fputs( ">.\n", stderr );
+ exit( EXIT_FAILURE );
+ }
+
+ if( !item->length && !item->indefinite && !zeroLengthOK( item ) )
+ {
+ fputc( '\n', output );
+ complain( "Object has zero length", level );
+ return;
+ }
+
+ /* If it's constructed, print the various fields in it */
+ if( ( item->id & FORM_MASK ) == CONSTRUCTED )
+ {
+ printConstructed( inFile, level, item );
+ return;
+ }
+
+ /* It's primitive, if it's a seekable stream try and determine
+ whether it's text so we can display it as such */
+ if( !useStdin && \
+ ( stringType = checkForText( inFile, item->length ) ) != STR_NONE )
+ {
+ /* It looks like a text string, dump it as text */
+ displayString( inFile, item->length, level, stringType );
+ return;
+ }
+
+ /* This could be anything, dump it as hex data */
+ dumpHex( inFile, item->length, level, FALSE );
+
+ return;
+ }
+
+ /* Print the object type */
+ fprintf( output, "%s", idstr( item->tag ) );
+
+ /* Perform a sanity check */
+ if( ( item->tag != NULLTAG ) && ( item->length < 0 ) )
+ {
+ int i;
+
+ fprintf( stderr, "\nError: Object has bad length field, tag 
= %02X, "
+ "length = %lX, value =", item->tag, item->length );
+ fprintf( stderr, "<%02X", *item->header );
+ for( i = 1; i < item->headerSize; i++ )
+ fprintf( stderr, " %02X", item->header[ i ] );
+ fputs( ">.\n", stderr );
+ exit( EXIT_FAILURE );
+ }
+
+ /* If it's constructed, print the various fields in it */
+ if( ( item->id & FORM_MASK ) == CONSTRUCTED )
+ {
+ printConstructed( inFile, level, item );
+ return;
+ }
+
+ /* It's primitive */
+ if( !item->length && !zeroLengthOK( item ) )
+ {
+ fputc( '\n', output );
+ complain( "Object has zero length", level );
+ return;
+ }
+ switch( item->tag )
+ {
+ case BOOLEAN:
+ x = getc( inFile );
+ fprintf( output, " %s\n", x ? "TRUE" : "FALSE" );
+ if( x != 0 && x != 0xFF )
+ complain( "BOOLEAN has non-DER encoding", level );
+ fPos++;
+ break;
+
+ case INTEGER:
+ case ENUMERATED:
+ if( item->length > 4 )
+ dumpHex( inFile, item->length, level, TRUE );
+ else
+ {
+ value = getValue( inFile, item->length );
+ fprintf( output, " %ld\n", value );
+ if( value < 0 )
+ complain( "Integer has a negative value", level );
+ }
+ break;
+
+ case BITSTRING:
+ if( ( x = getc( inFile ) ) != 0 )
+ fprintf( output, " %d unused bit%s",
+ x, ( x != 1 ) ? 
"s" : "" ); + fPos++; + if( !--item->length && !x ) + { + fputc( '\n', output ); + complain( "Object has zero length", level ); + return; + } + if( item->length <= sizeof( int ) ) + { + /* It's short enough to be a bit flag, dump it as a sequence + of bits */ + dumpBitString( inFile, ( int ) item->length, x, level ); + break; + } + /* Drop through to dump it as an octet string */ + + case OCTETSTRING: + if( checkEncapsulate( inFile, item->tag, item->length ) ) + { + /* It's something encapsulated inside the string, print it as + a constructed item */ + fprintf( output, ", encapsulates" ); + printConstructed( inFile, level, item ); + break; + } + if( !useStdin && !dumpText && \ + ( stringType = checkForText( inFile, item->length ) ) != STR_NONE ) + { + /* If we'd be doing a straight hex dump and it looks like + encapsulated text, display it as such. If the user has + overridden character set type checking and it's a string + type for which we normally perform type checking, we reset + its type to none */ + displayString( inFile, item->length, level, \ + ( !checkCharset && ( stringType == STR_IA5 || \ + stringType == STR_PRINTABLE ) ) ? \ + STR_NONE : stringType ); + return; + } + dumpHex( inFile, item->length, level, FALSE ); + break; + + case OID: + /* Hierarchical Object Identifier: The first two levels are + encoded into one byte, since the root level has only 3 nodes + (40*x + y). However if x = joint-iso-itu-t(2) then y may be + > 39, so we have to add special-case handling for this */ + if( item->length > MAX_OID_SIZE ) + { + fprintf( stderr, "\nError: Object identifier length %ld too " + "large.\n", item->length ); + exit( EXIT_FAILURE ); + } + fread( buffer, 1, ( size_t ) item->length, inFile ); + fPos += item->length; + if( ( oidInfo = getOIDinfo( buffer, ( int ) item->length ) ) != NULL ) + { + /* Check if LHS status info + indent + "OID " string + oid + name will wrap */ + if( ( ( doPure ) ? 
0 : INDENT_SIZE ) + ( level * 2 ) + 18 + \
+ strlen( oidInfo->description ) >= OUTPUT_WIDTH )
+ {
+ fputc( '\n', output );
+ if( !doPure )
+ fprintf( output, INDENT_STRING );
+ doIndent( level + 1 );
+ }
+ else
+ fputc( ' ', output );
+ fprintf( output, "%s\n", oidInfo->description );
+
+ /* Display extra comments about the OID if required */
+ if( extraOIDinfo && oidInfo->comment != NULL )
+ {
+ if( !doPure )
+ fprintf( output, INDENT_STRING );
+ doIndent( level + 1 );
+ fprintf( output, "(%s)\n", oidInfo->comment );
+ }
+
+ /* If there's a warning associated with this OID, remember
+ that there was a problem */
+ if( oidInfo->warn )
+ noWarnings++;
+
+ break;
+ }
+
+ /* Pick apart the OID */
+ x = ( unsigned char ) buffer[ 0 ] / 40;
+ y = ( unsigned char ) buffer[ 0 ] % 40;
+ if( x > 2 )
+ {
+ /* Handle special case for large y if x = 2 */
+ y += ( x - 2 ) * 40;
+ x = 2;
+ }
+ fprintf( output, " '%d %d", x, y );
+ value = 0;
+ for( x = 1; x < item->length; x++ )
+ {
+ value = ( value << 7 ) | ( buffer[ x ] & 0x7F );
+ if( !( buffer[ x ] & 0x80 ) )
+ {
+ fprintf( output, " %ld", value );
+ value = 0;
+ }
+ }
+ fprintf( output, "'\n" );
+ break;
+
+ case EOC:
+ case NULLTAG:
+ fputc( '\n', output );
+ break;
+
+ case OBJDESCRIPTOR:
+ case GRAPHICSTRING:
+ case VISIBLESTRING:
+ case GENERALSTRING:
+ case UNIVERSALSTRING:
+ case NUMERICSTRING:
+ case VIDEOTEXSTRING:
+ case UTF8STRING:
+ displayString( inFile, item->length, level, STR_NONE );
+ break;
+ case PRINTABLESTRING:
+ displayString( inFile, item->length, level, STR_PRINTABLE );
+ break;
+ case BMPSTRING:
+ displayString( inFile, item->length, level, STR_BMP );
+ break;
+ case UTCTIME:
+ displayString( inFile, item->length, level, STR_UTCTIME );
+ break;
+ case GENERALIZEDTIME:
+ displayString( inFile, item->length, level, STR_GENERALIZED );
+ break;
+ case IA5STRING:
+ displayString( inFile, item->length, level, STR_IA5 );
+ break;
+ case T61STRING:
+ displayString( inFile, item->length, level, STR_LATIN1 );
+ break;
+
+ default:
+ fputc( '\n', output );
+ if( !doPure )
+ fprintf( output, INDENT_STRING );
+ doIndent( level + 1 );
+ fprintf( output, "Unrecognised primitive, hex value is:");
+ dumpHex( inFile, item->length, level, FALSE );
+ noErrors++; /* Treat it as an error */
+ }
+ }
+
+/* Print a complex ASN.1 object */
+
+int printAsn1( FILE *inFile, const int level, long length,
+ const int isIndefinite )
+ {
+ ASN1_ITEM item;
+ long lastPos = fPos;
+ int seenEOC = FALSE, status;
+
+ /* Special-case for zero-length objects */
+ if( !length && !isIndefinite )
+ return( 0 );
+
+ while( ( status = getItem( inFile, &item ) ) > 0 )
+ {
+ /* Perform various special checks the first time we're called */
+ if( length == LENGTH_MAGIC )
+ {
+ /* If the length isn't known and the item has a definite length,
+ set the length to the item's length */
+ if( !item.indefinite )
+ length = item.headerSize + item.length;
+
+ /* If the input isn't seekable, turn off some options that
+ require the use of fseek(). This check isn't perfect (some
+ streams are slightly seekable due to buffering) but it's
+ better than nothing */
+ if( fseek( inFile, -item.headerSize, SEEK_CUR ) )
+ {
+ useStdin = TRUE;
+ checkEncaps = FALSE;
+ puts( "Warning: Input is non-seekable, some functionality "
+ "has been disabled." );
+ }
+ else
+ fseek( inFile, item.headerSize, SEEK_CUR );
+ }
+
+ /* Dump the header as hex data if requested */
+ if( doDumpHeader )
+ dumpHeader( inFile, &item );
+
+ /* Print offset into buffer, tag, and length */
+ if( item.header[ 0 ] == EOC )
+ {
+ seenEOC = TRUE;
+ if( !isIndefinite)
+ complain( "Spurious EOC in definite-length item", level );
+ }
+ if( !doPure )
+ {
+#if 0
+ /* Don't print hex tags any more to save display space */
+ if( item.indefinite )
+ fprintf( output, ( doHexValues ) ? "%04lX %02X NDEF: " :
+ "%4ld %02X NDEF: ", lastPos, item.id | item.tag );
+ else
+ if( !seenEOC )
+ fprintf( output, ( doHexValues ) ? 
"%04lX %02X %4lX: " :
+ "%4ld %02X %4ld: ", lastPos, item.id | item.tag,
+ item.length );
+#else
+ if( item.indefinite )
+ fprintf( output, ( doHexValues ) ? "%04lX NDEF: " :
+ "%4ld NDEF: ", lastPos );
+ else
+ if( !seenEOC )
+ fprintf( output, ( doHexValues ) ? "%04lX %4lX: " :
+ "%4ld %4ld: ", lastPos, item.length );
+#endif
+ }
+
+ /* Print details on the item */
+ if( !seenEOC )
+ {
+ doIndent( level );
+ printASN1object( inFile, &item, level );
+ }
+
+ /* If it was an indefinite-length object (no length was ever set) and
+ we've come back to the top level, exit */
+ if( length == LENGTH_MAGIC )
+ return( 0 );
+
+ length -= fPos - lastPos;
+ lastPos = fPos;
+ if( isIndefinite )
+ {
+ if( seenEOC )
+ return( 0 );
+ }
+ else
+ if( length <= 0 )
+ {
+ if( length < 0 )
+ return( ( int ) -length );
+ return( 0 );
+ }
+ else
+ if( length == 1 )
+ {
+ const int ch = fgetc( inFile );
+
+ /* No object can be one byte long, try and recover. This
+ only works sometimes because it can be caused by
+ spurious data in an OCTET STRING hole or an incorrect
+ length encoding. The following workaround tries to
+ recover from spurious data by skipping the byte if
+ it's zero or a non-basic-ASN.1 tag, but keeping it if
+ it could be valid ASN.1 */
+ if( ch && ch <= 0x31 )
+ ungetc( ch, inFile );
+ else
+ {
+ fPos++;
+ return( 1 );
+ }
+ }
+ }
+ if( status == -1 )
+ {
+ fprintf( stderr, "\nError: Invalid data encountered at position "
+ "%d.\n", fPos );
+ exit( EXIT_FAILURE );
+ }
+
+ /* If we see an EOF and there's supposed to be more data present,
+ complain */
+ if( length && length != LENGTH_MAGIC )
+ {
+ fprintf( output, "Error: Inconsistent object length, %ld byte%s "
+ "difference.\n", length, ( length > 1 ) ? "s" : "" );
+ noErrors++;
+ }
+ return( 0 );
+ }
+
+/* Show usage and exit */
+
+void usageExit( void )
+ {
+ puts( "DumpASN1 - ASN.1 object dump/syntax check program." );
+ puts( "Copyright Peter Gutmann 1997 - 2002. Last updated " UPDATE_STRING "." 
);
+ puts( "" );
+ puts( "Usage: dumpasn1 [-acdefhlprstuxz] " );
+ puts( " - = Take input from stdin (some options may not work properly)" );
+ puts( " - = Start bytes into the file" );
+ puts( " -- = End of arg list" );
+ puts( " -a = Print all data in long data blocks, not just the first 128 bytes" );
+ puts( " -c = Read Object Identifier info from alternate config file" );
+ puts( " (values will override equivalents in global config file)" );
+ puts( " -d = Print dots to show column alignment" );
+ puts( " -e = Don't print encapsulated data inside OCTET/BIT STRINGs" );
+ puts( " -f = Dump object at offset - to file (allows data to be" );
+ puts( " extracted from encapsulating objects)" );
+ puts( " -h = Hex dump object header (tag+length) before the decoded output" );
+ puts( " -hh = Same as -h but display more of the object as hex data" );
+ puts( " -i = Use shallow indenting, for deeply-nested objects" );
+ puts( " -l = Long format, display extra info about Object Identifiers" );
+ puts( " -o = Don't check validity of character strings hidden in octet strings" );
+ puts( " -p = Pure ASN.1 output without encoding information" );
+ puts( " -r = Print bits in BIT STRING as encoded in reverse order" );
+ puts( " -s = Syntax check only, don't dump ASN.1 structures" );
+ puts( " -t = Display text values next to hex dump of data" );
+ puts( " -u = Don't format UTCTime/GeneralizedTime string data" );
+ puts( " -x = Display size and offset in hex not decimal" );
+ puts( " -z = Allow zero-length items" );
+ puts( "" );
+ puts( "Warnings generated by deprecated OIDs require the use of '-l' to be displayed." );
+ puts( "Program return code is the number of errors found or EXIT_SUCCESS." 
);
+ exit( EXIT_FAILURE );
+ }
+
+int main( int argc, char *argv[] )
+ {
+ FILE *inFile, *outFile = NULL;
+#ifdef __OS390__
+ char pathPtr[ FILENAME_MAX ];
+#else
+ char *pathPtr = argv[ 0 ];
+#endif /* __OS390__ */
+ long offset = 0;
+ int moreArgs = TRUE, doCheckOnly = FALSE;
+
+#ifdef __OS390__
+ memset( pathPtr, '\0', sizeof( pathPtr ) );
+ getcwd( pathPtr, sizeof( pathPtr ) );
+ strcat( pathPtr, "/" );
+#endif /* __OS390__ */
+
+ /* Skip the program name */
+ argv++; argc--;
+
+ /* Display usage if no args given */
+ if( argc < 1 )
+ usageExit();
+ output = stdout; /* Needs to be assigned at runtime */
+
+ /* Check for arguments */
+ while( argc && *argv[ 0 ] == '-' && moreArgs )
+ {
+ char *argPtr = argv[ 0 ] + 1;
+
+ if( !*argPtr )
+ useStdin = TRUE;
+ while( *argPtr )
+ {
+ if( isdigit( *argPtr ) )
+ {
+ offset = atol( argPtr );
+ break;
+ }
+ switch( toupper( *argPtr ) )
+ {
+ case '-':
+ moreArgs = FALSE; /* GNU-style end-of-args flag */
+ break;
+
+ case 'A':
+ printAllData = TRUE;
+ break;
+
+ case 'C':
+ if( !readConfig( argPtr + 1, FALSE ) )
+ exit( EXIT_FAILURE );
+ while( argPtr[ 1 ] )
+ argPtr++; /* Skip rest of arg */
+ break;
+
+ case 'D':
+ printDots = TRUE;
+ break;
+
+ case 'E':
+ checkEncaps = FALSE;
+ break;
+
+ case 'F':
+ if( ( outFile = fopen( argPtr + 1, "wb" ) ) == NULL )
+ {
+ perror( argPtr + 1 );
+ exit( EXIT_FAILURE );
+ }
+ while( argPtr[ 1 ] )
+ argPtr++; /* Skip rest of arg */
+ break;
+
+ case 'I':
+ shallowIndent = TRUE;
+ break;
+
+ case 'L':
+ extraOIDinfo = TRUE;
+ break;
+
+ case 'H':
+ doDumpHeader++;
+ break;
+
+ case 'O':
+ checkCharset = TRUE;
+ break;
+
+ case 'P':
+ doPure = TRUE;
+ break;
+
+ case 'R':
+ reverseBitString = !reverseBitString;
+ break;
+
+ case 'S':
+ doCheckOnly = TRUE;
+#if defined( __WIN32__ )
+ /* Under Windows we can't fclose( stdout ) because the
+ VC++ runtime reassigns the stdout handle to the next
+ open file (which is valid) but then scribbles stdout
+ garbage all over it for files larger 
than about 16K
+ (which isn't), so we have to make sure that the
+ stdout handle is pointed to something somewhere */
+ freopen( "nul", "w", stdout );
+#elif defined( __UNIX__ )
+ /* Safety feature in case any Unix libc is as broken
+ as the Win32 version */
+ freopen( "/dev/null", "w", stdout );
+#else
+ fclose( stdout );
+#endif /* OS-specific bypassing of stdout */
+ break;
+
+ case 'T':
+ dumpText = TRUE;
+ break;
+
+ case 'U':
+ rawTimeString = TRUE;
+ break;
+
+ case 'X':
+ doHexValues = TRUE;
+ break;
+
+ case 'Z':
+ zeroLengthAllowed = TRUE;
+ break;
+
+ default:
+ printf( "Unknown argument '%c'.\n", *argPtr );
+ return( EXIT_SUCCESS );
+ }
+ argPtr++;
+ }
+ argv++;
+ argc--;
+ }
+
+ /* We can't use options that perform an fseek() if reading from stdin */
+ if( useStdin && ( doDumpHeader || outFile != NULL ) )
+ {
+ puts( "Can't use -f or -h when taking input from stdin" );
+ exit( EXIT_FAILURE );
+ }
+
+ /* Check args and read the config file. We don't bother weeding out
+ dups during the read because (a) the linear search would make the
+ process n^2, (b) during the dump process the search will terminate on
+ the first match so dups aren't that serious, and (c) there should be
+ very few dups present */
+ if( argc != 1 && !useStdin )
+ usageExit();
+ if( !readGlobalConfig( pathPtr ) )
+ exit( EXIT_FAILURE );
+
+ /* Dump the given file */
+ if( useStdin )
+ inFile = stdin;
+ else
+ if( ( inFile = fopen( argv[ 0 ], "rb" ) ) == NULL )
+ {
+ perror( argv[ 0 ] );
+ exit( EXIT_FAILURE );
+ }
+ if( useStdin )
+ {
+ while( offset-- )
+ getc( inFile );
+ }
+ else
+ fseek( inFile, offset, SEEK_SET );
+ if( outFile != NULL )
+ {
+ ASN1_ITEM item;
+ long length;
+ int i, status;
+
+ /* Make sure there's something there, and that it has a definite
+ length */
+ status = getItem( inFile, &item );
+ if( status == -1 )
+ {
+ puts( "Non-ASN.1 data encountered." );
+ exit( EXIT_FAILURE );
+ }
+ if( status == 0 )
+ {
+ puts( "Nothing to read." 
);
+ exit( EXIT_FAILURE );
+ }
+ if( item.indefinite )
+ {
+ puts( "Cannot process indefinite-length item." );
+ exit( EXIT_FAILURE );
+ }
+
+ /* Copy the item across, first the header and then the data */
+ for( i = 0; i < item.headerSize; i++ )
+ putc( item.header[ i ], outFile );
+ for( length = 0; length < item.length && !feof( inFile ); length++ )
+ putc( getc( inFile ), outFile );
+ fclose( outFile );
+
+ fseek( inFile, offset, SEEK_SET );
+ }
+ printAsn1( inFile, 0, LENGTH_MAGIC, 0 );
+ fclose( inFile );
+
+ /* Print a summary of warnings/errors if it's required or appropriate */
+ if( !doPure )
+ {
+ if( !doCheckOnly )
+ fputc( '\n', stderr );
+ fprintf( stderr, "%d warning%s, %d error%s.\n", noWarnings,
+ ( noWarnings != 1 ) ? "s" : "", noErrors,
+ ( noErrors != 1 ) ? "s" : "" );
+ }
+
+ return( ( noErrors ) ? noErrors : EXIT_SUCCESS );
+ }
diff --git a/dumpasn1.cfg b/dumpasn1.cfg
new file mode 100644
index 0000000..974fc60
--- /dev/null
+++ b/dumpasn1.cfg
@@ -0,0 +1,5696 @@
+# dumpasn1 Object Identifier configuration file, available from
+# http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.cfg.  This is read by
+# dumpasn1.c and is used to display information on Object Identifiers found in
+# ASN.1 objects.  This is merely a list of things that you might conceivably
+# find in use somewhere, and should in no way be taken as a guide to which OIDs
+# to use - many of these will never been seen in the wild, or should be shot on
+# sight if encountered.
+#
+# The format of this file is as follows:
+#
+# - All blank lines and lines beginning with a '#' are ignored.
+# - OIDs are described by a set of attributes, of which at least the 'OID' and
+# 'Description' must be present.  Optional attributes are a 'Comment' and a
+# 'Warning' (to indicate that dumpasn1 will display a warning if this OID is
+# encountered).
+# - Attributes are listed one per line.  The first attribute should be an 'OID'
+# attribute since this is used to denote the start of a new OID description.
+# The other attributes may be given in any order.
+#
+# See the rest of this file for examples of what an OID description should look
+# like.
+ +# Deutsche Telekom/Telesec + +OID = 06 05 02 82 06 01 0A +Comment = Deutsche Telekom +Description = Telesec (0 2 262 1 10) + +OID = 06 06 02 82 06 01 0A 00 +Comment = Telesec +Description = extension (0 2 262 1 10 0) + +OID = 06 06 02 82 06 01 0A 01 +Comment = Telesec +Description = mechanism (0 2 262 1 10 1) + +OID = 06 07 02 82 06 01 0A 01 00 +Comment = Telesec mechanism +Description = authentication (0 2 262 1 10 1 0) + +OID = 06 08 02 82 06 01 0A 01 00 01 +Comment = Telesec authentication +Description = passwordAuthentication (0 2 262 1 10 1 0 1) + +OID = 06 08 02 82 06 01 0A 01 00 02 +Comment = Telesec authentication +Description = protectedPasswordAuthentication (0 2 262 1 10 1 0 2) + +OID = 06 08 02 82 06 01 0A 01 00 03 +Comment = Telesec authentication +Description = oneWayX509Authentication (0 2 262 1 10 1 0 3) + +OID = 06 08 02 82 06 01 0A 01 00 04 +Comment = Telesec authentication +Description = twoWayX509Authentication (0 2 262 1 10 1 0 4) + +OID = 06 08 02 82 06 01 0A 01 00 05 +Comment = Telesec authentication +Description = threeWayX509Authentication (0 2 262 1 10 1 0 5) + +OID = 06 08 02 82 06 01 0A 01 00 06 +Comment = Telesec authentication +Description = oneWayISO9798Authentication (0 2 262 1 10 1 0 6) + +OID = 06 08 02 82 06 01 0A 01 00 07 +Comment = Telesec authentication +Description = twoWayISO9798Authentication (0 2 262 1 10 1 0 7) + +OID = 06 08 02 82 06 01 0A 01 00 08 +Comment = Telesec authentication +Description = telekomAuthentication (0 2 262 1 10 1 0 8) + +OID = 06 07 02 82 06 01 0A 01 01 +Comment = Telesec mechanism +Description = signature (0 2 262 1 10 1 1) + +OID = 06 08 02 82 06 01 0A 01 01 01 +Comment = Telesec mechanism +Description = md4WithRSAAndISO9697 (0 2 262 1 10 1 1 1) + +OID = 06 08 02 82 06 01 0A 01 01 02 +Comment = Telesec mechanism +Description = md4WithRSAAndTelesecSignatureStandard (0 2 262 1 10 1 1 2) + +OID = 06 08 02 82 06 01 0A 01 01 03 +Comment = Telesec mechanism +Description = md5WithRSAAndISO9697 (0 2 262 
1 10 1 1 3) + +OID = 06 08 02 82 06 01 0A 01 01 04 +Comment = Telesec mechanism +Description = md5WithRSAAndTelesecSignatureStandard (0 2 262 1 10 1 1 4) + +# PKCS #1 signature with RIPEMD-160 +OID = 06 08 02 82 06 01 0A 01 01 05 +Comment = Telesec mechanism +Description = ripemd160WithRSAAndTelekomSignatureStandard (0 2 262 1 10 1 1 5) + +# RIPEMD-160 with raw RSA (ie no padding, just 160 bytes encrypted) signature +OID = 06 08 02 82 06 01 0A 01 01 09 +Comment = Telesec signature +Description = hbciRsaSignature (0 2 262 1 10 1 1 9) + +OID = 06 07 02 82 06 01 0A 01 02 +Comment = Telesec mechanism +Description = encryption (0 2 262 1 10 1 2) + +# Specially recommended by the NSA for German use +OID = 06 08 02 82 06 01 0A 01 02 00 +Comment = Telesec encryption +Description = none (0 2 262 1 10 1 2 0) + +OID = 06 08 02 82 06 01 0A 01 02 01 +Comment = Telesec encryption +Description = rsaTelesec (0 2 262 1 10 1 2 1) + +OID = 06 08 02 82 06 01 0A 01 02 02 +Comment = Telesec encryption +Description = des (0 2 262 1 10 1 2 2) + +OID = 06 09 02 82 06 01 0A 01 02 02 01 +Comment = Telesec encryption +Description = desECB (0 2 262 1 10 1 2 2 1) + +OID = 06 09 02 82 06 01 0A 01 02 02 02 +Comment = Telesec encryption +Description = desCBC (0 2 262 1 10 1 2 2 2) + +OID = 06 09 02 82 06 01 0A 01 02 02 03 +Comment = Telesec encryption +Description = desOFB (0 2 262 1 10 1 2 2 3) + +OID = 06 09 02 82 06 01 0A 01 02 02 04 +Comment = Telesec encryption +Description = desCFB8 (0 2 262 1 10 1 2 2 4) + +OID = 06 09 02 82 06 01 0A 01 02 02 05 +Comment = Telesec encryption +Description = desCFB64 (0 2 262 1 10 1 2 2 5) + +OID = 06 08 02 82 06 01 0A 01 02 03 +Comment = Telesec encryption +Description = des3 (0 2 262 1 10 1 2 3) + +OID = 06 09 02 82 06 01 0A 01 02 03 01 +Comment = Telesec encryption +Description = des3ECB (0 2 262 1 10 1 2 3 1) + +OID = 06 09 02 82 06 01 0A 01 02 03 02 +Comment = Telesec encryption +Description = des3CBC (0 2 262 1 10 1 2 3 2) + +OID = 06 09 02 82 06 01 0A 
01 02 03 03 +Comment = Telesec encryption +Description = des3OFB (0 2 262 1 10 1 2 3 3) + +OID = 06 09 02 82 06 01 0A 01 02 03 04 +Comment = Telesec encryption +Description = des3CFB8 (0 2 262 1 10 1 2 3 4) + +OID = 06 09 02 82 06 01 0A 01 02 03 05 +Comment = Telesec encryption +Description = des3CFB64 (0 2 262 1 10 1 2 3 5) + +OID = 06 08 02 82 06 01 0A 01 02 04 +Comment = Telesec encryption +Description = magenta (0 2 262 1 10 1 2 4) + +OID = 06 08 02 82 06 01 0A 01 02 05 +Comment = Telesec encryption +Description = idea (0 2 262 1 10 1 2 5) + +OID = 06 09 02 82 06 01 0A 01 02 05 01 +Comment = Telesec encryption +Description = ideaECB (0 2 262 1 10 1 2 5 1) + +OID = 06 09 02 82 06 01 0A 01 02 05 02 +Comment = Telesec encryption +Description = ideaCBC (0 2 262 1 10 1 2 5 2) + +OID = 06 09 02 82 06 01 0A 01 02 05 03 +Comment = Telesec encryption +Description = ideaOFB (0 2 262 1 10 1 2 5 3) + +OID = 06 09 02 82 06 01 0A 01 02 05 04 +Comment = Telesec encryption +Description = ideaCFB8 (0 2 262 1 10 1 2 5 4) + +OID = 06 09 02 82 06 01 0A 01 02 05 05 +Comment = Telesec encryption +Description = ideaCFB64 (0 2 262 1 10 1 2 5 5) + +OID = 06 07 02 82 06 01 0A 01 03 +Comment = Telesec mechanism +Description = oneWayFunction (0 2 262 1 10 1 3) + +OID = 06 08 02 82 06 01 0A 01 03 01 +Comment = Telesec one-way function +Description = md4 (0 2 262 1 10 1 3 1) + +OID = 06 08 02 82 06 01 0A 01 03 02 +Comment = Telesec one-way function +Description = md5 (0 2 262 1 10 1 3 2) + +OID = 06 08 02 82 06 01 0A 01 03 03 +Comment = Telesec one-way function +Description = sqModNX509 (0 2 262 1 10 1 3 3) + +OID = 06 08 02 82 06 01 0A 01 03 04 +Comment = Telesec one-way function +Description = sqModNISO (0 2 262 1 10 1 3 4) + +OID = 06 08 02 82 06 01 0A 01 03 05 +Comment = Telesec one-way function +Description = ripemd128 (0 2 262 1 10 1 3 5) + +OID = 06 08 02 82 06 01 0A 01 03 06 +Comment = Telesec one-way function +Description = hashUsingBlockCipher (0 2 262 1 10 1 3 6) + +OID = 06 08 
02 82 06 01 0A 01 03 07 +Comment = Telesec one-way function +Description = mac (0 2 262 1 10 1 3 7) + +OID = 06 08 02 82 06 01 0A 01 03 08 +Comment = Telesec one-way function +Description = ripemd160 (0 2 262 1 10 1 3 8) + +OID = 06 07 02 82 06 01 0A 01 04 +Comment = Telesec mechanism +Description = fecFunction (0 2 262 1 10 1 4) + +OID = 06 08 02 82 06 01 0A 01 04 01 +Comment = Telesec mechanism +Description = reedSolomon (0 2 262 1 10 1 4 1) + +OID = 06 06 02 82 06 01 0A 02 +Comment = Telesec +Description = module (0 2 262 1 10 2) + +OID = 06 07 02 82 06 01 0A 02 00 +Comment = Telesec module +Description = algorithms (0 2 262 1 10 2 0) + +OID = 06 07 02 82 06 01 0A 02 01 +Comment = Telesec module +Description = attributeTypes (0 2 262 1 10 2 1) + +OID = 06 07 02 82 06 01 0A 02 02 +Comment = Telesec module +Description = certificateTypes (0 2 262 1 10 2 2) + +OID = 06 07 02 82 06 01 0A 02 03 +Comment = Telesec module +Description = messageTypes (0 2 262 1 10 2 3) + +OID = 06 07 02 82 06 01 0A 02 04 +Comment = Telesec module +Description = plProtocol (0 2 262 1 10 2 4) + +OID = 06 07 02 82 06 01 0A 02 05 +Comment = Telesec module +Description = smeAndComponentsOfSme (0 2 262 1 10 2 5) + +OID = 06 07 02 82 06 01 0A 02 06 +Comment = Telesec module +Description = fec (0 2 262 1 10 2 6) + +OID = 06 07 02 82 06 01 0A 02 07 +Comment = Telesec module +Description = usefulDefinitions (0 2 262 1 10 2 7) + +OID = 06 07 02 82 06 01 0A 02 08 +Comment = Telesec module +Description = stefiles (0 2 262 1 10 2 8) + +OID = 06 07 02 82 06 01 0A 02 09 +Comment = Telesec module +Description = sadmib (0 2 262 1 10 2 9) + +OID = 06 07 02 82 06 01 0A 02 0A +Comment = Telesec module +Description = electronicOrder (0 2 262 1 10 2 10) + +OID = 06 07 02 82 06 01 0A 02 0B +Comment = Telesec module +Description = telesecTtpAsymmetricApplication (0 2 262 1 10 2 11) + +OID = 06 07 02 82 06 01 0A 02 0C +Comment = Telesec module +Description = telesecTtpBasisApplication (0 2 262 1 10 2 12) + +OID 
= 06 07 02 82 06 01 0A 02 0D +Comment = Telesec module +Description = telesecTtpMessages (0 2 262 1 10 2 13) + +OID = 06 07 02 82 06 01 0A 02 0E +Comment = Telesec module +Description = telesecTtpTimeStampApplication (0 2 262 1 10 2 14) + +OID = 06 06 02 82 06 01 0A 03 +Comment = Telesec +Description = objectClass (0 2 262 1 10 3) + +OID = 06 07 02 82 06 01 0A 03 00 +Comment = Telesec object class +Description = telesecOtherName (0 2 262 1 10 3 0) + +OID = 06 07 02 82 06 01 0A 03 01 +Comment = Telesec object class +Description = directory (0 2 262 1 10 3 1) + +OID = 06 07 02 82 06 01 0A 03 02 +Comment = Telesec object class +Description = directoryType (0 2 262 1 10 3 2) + +OID = 06 07 02 82 06 01 0A 03 03 +Comment = Telesec object class +Description = directoryGroup (0 2 262 1 10 3 3) + +OID = 06 07 02 82 06 01 0A 03 04 +Comment = Telesec object class +Description = directoryUser (0 2 262 1 10 3 4) + +OID = 06 07 02 82 06 01 0A 03 05 +Comment = Telesec object class +Description = symmetricKeyEntry (0 2 262 1 10 3 5) + +OID = 06 06 02 82 06 01 0A 04 +Comment = Telesec +Description = package (0 2 262 1 10 4) + +OID = 06 06 02 82 06 01 0A 05 +Comment = Telesec +Description = parameter (0 2 262 1 10 5) + +OID = 06 06 02 82 06 01 0A 06 +Comment = Telesec +Description = nameBinding (0 2 262 1 10 6) + +OID = 06 06 02 82 06 01 0A 07 +Comment = Telesec +Description = attribute (0 2 262 1 10 7) + +OID = 06 07 02 82 06 01 0A 07 00 +Comment = Telesec attribute +Description = applicationGroupIdentifier (0 2 262 1 10 7 0) + +OID = 06 07 02 82 06 01 0A 07 01 +Comment = Telesec attribute +Description = certificateType (0 2 262 1 10 7 1) + +OID = 06 07 02 82 06 01 0A 07 02 +Comment = Telesec attribute +Description = telesecCertificate (0 2 262 1 10 7 2) + +OID = 06 07 02 82 06 01 0A 07 03 +Comment = Telesec attribute +Description = certificateNumber (0 2 262 1 10 7 3) + +OID = 06 07 02 82 06 01 0A 07 04 +Comment = Telesec attribute +Description = certificateRevocationList (0 2 262 
1 10 7 4) + +OID = 06 07 02 82 06 01 0A 07 05 +Comment = Telesec attribute +Description = creationDate (0 2 262 1 10 7 5) + +OID = 06 07 02 82 06 01 0A 07 06 +Comment = Telesec attribute +Description = issuer (0 2 262 1 10 7 6) + +OID = 06 07 02 82 06 01 0A 07 07 +Comment = Telesec attribute +Description = namingAuthority (0 2 262 1 10 7 7) + +OID = 06 07 02 82 06 01 0A 07 08 +Comment = Telesec attribute +Description = publicKeyDirectory (0 2 262 1 10 7 8) + +OID = 06 07 02 82 06 01 0A 07 09 +Comment = Telesec attribute +Description = securityDomain (0 2 262 1 10 7 9) + +OID = 06 07 02 82 06 01 0A 07 0A +Comment = Telesec attribute +Description = subject (0 2 262 1 10 7 10) + +OID = 06 07 02 82 06 01 0A 07 0B +Comment = Telesec attribute +Description = timeOfRevocation (0 2 262 1 10 7 11) + +OID = 06 07 02 82 06 01 0A 07 0C +Comment = Telesec attribute +Description = userGroupReference (0 2 262 1 10 7 12) + +OID = 06 07 02 82 06 01 0A 07 0D +Comment = Telesec attribute +Description = validity (0 2 262 1 10 7 13) + +OID = 06 07 02 82 06 01 0A 07 0E +Comment = Telesec attribute +Description = zert93 (0 2 262 1 10 7 14) + +# It really is called that +OID = 06 07 02 82 06 01 0A 07 0F +Comment = Telesec attribute +Description = securityMessEnv (0 2 262 1 10 7 15) + +OID = 06 07 02 82 06 01 0A 07 10 +Comment = Telesec attribute +Description = anonymizedPublicKeyDirectory (0 2 262 1 10 7 16) + +OID = 06 07 02 82 06 01 0A 07 11 +Comment = Telesec attribute +Description = telesecGivenName (0 2 262 1 10 7 17) + +OID = 06 07 02 82 06 01 0A 07 12 +Comment = Telesec attribute +Description = nameAdditions (0 2 262 1 10 7 18) + +OID = 06 07 02 82 06 01 0A 07 13 +Comment = Telesec attribute +Description = telesecPostalCode (0 2 262 1 10 7 19) + +OID = 06 07 02 82 06 01 0A 07 14 +Comment = Telesec attribute +Description = nameDistinguisher (0 2 262 1 10 7 20) + +OID = 06 07 02 82 06 01 0A 07 15 +Comment = Telesec attribute +Description = telesecCertificateList (0 2 262 1 10 7 21) + 
+OID = 06 07 02 82 06 01 0A 07 16 +Comment = Telesec attribute +Description = teletrustCertificateList (0 2 262 1 10 7 22) + +OID = 06 07 02 82 06 01 0A 07 17 +Comment = Telesec attribute +Description = x509CertificateList (0 2 262 1 10 7 23) + +OID = 06 07 02 82 06 01 0A 07 18 +Comment = Telesec attribute +Description = timeOfIssue (0 2 262 1 10 7 24) + +OID = 06 07 02 82 06 01 0A 07 19 +Comment = Telesec attribute +Description = physicalCardNumber (0 2 262 1 10 7 25) + +OID = 06 07 02 82 06 01 0A 07 1A +Comment = Telesec attribute +Description = fileType (0 2 262 1 10 7 26) + +OID = 06 07 02 82 06 01 0A 07 1B +Comment = Telesec attribute +Description = ctlFileIsArchive (0 2 262 1 10 7 27) + +OID = 06 07 02 82 06 01 0A 07 1C +Comment = Telesec attribute +Description = emailAddress (0 2 262 1 10 7 28) + +OID = 06 07 02 82 06 01 0A 07 1D +Comment = Telesec attribute +Description = certificateTemplateList (0 2 262 1 10 7 29) + +OID = 06 07 02 82 06 01 0A 07 1E +Comment = Telesec attribute +Description = directoryName (0 2 262 1 10 7 30) + +OID = 06 07 02 82 06 01 0A 07 1F +Comment = Telesec attribute +Description = directoryTypeName (0 2 262 1 10 7 31) + +OID = 06 07 02 82 06 01 0A 07 20 +Comment = Telesec attribute +Description = directoryGroupName (0 2 262 1 10 7 32) + +OID = 06 07 02 82 06 01 0A 07 21 +Comment = Telesec attribute +Description = directoryUserName (0 2 262 1 10 7 33) + +OID = 06 07 02 82 06 01 0A 07 22 +Comment = Telesec attribute +Description = revocationFlag (0 2 262 1 10 7 34) + +OID = 06 07 02 82 06 01 0A 07 23 +Comment = Telesec attribute +Description = symmetricKeyEntryName (0 2 262 1 10 7 35) + +OID = 06 07 02 82 06 01 0A 07 24 +Comment = Telesec attribute +Description = glNumber (0 2 262 1 10 7 36) + +OID = 06 07 02 82 06 01 0A 07 25 +Comment = Telesec attribute +Description = goNumber (0 2 262 1 10 7 37) + +OID = 06 07 02 82 06 01 0A 07 26 +Comment = Telesec attribute +Description = gKeyData (0 2 262 1 10 7 38) + +OID = 06 07 02 82 06 01 0A 
07 27 +Comment = Telesec attribute +Description = zKeyData (0 2 262 1 10 7 39) + +OID = 06 07 02 82 06 01 0A 07 28 +Comment = Telesec attribute +Description = ktKeyData (0 2 262 1 10 7 40) + +OID = 06 07 02 82 06 01 0A 07 2A +Comment = Telesec attribute +Description = ktKeyNumber (0 2 262 1 10 7 41) + +OID = 06 07 02 82 06 01 0A 07 33 +Comment = Telesec attribute +Description = timeOfRevocationGen (0 2 262 1 10 7 51) + +OID = 06 07 02 82 06 01 0A 07 34 +Comment = Telesec attribute +Description = liabilityText (0 2 262 1 10 7 52) + +OID = 06 06 02 82 06 01 0A 08 +Comment = Telesec +Description = attributeGroup (0 2 262 1 10 8) + +OID = 06 06 02 82 06 01 0A 09 +Comment = Telesec +Description = action (0 2 262 1 10 9) + +OID = 06 06 02 82 06 01 0A 0A +Comment = Telesec +Description = notification (0 2 262 1 10 10) + +OID = 06 06 02 82 06 01 0A 0B +Comment = Telesec +Description = snmp-mibs (0 2 262 1 10 11) + +OID = 06 07 02 82 06 01 0A 0B 01 +Comment = Telesec SNMP MIBs +Description = securityApplication (0 2 262 1 10 11 1) + +OID = 06 06 02 82 06 01 0A 0C +Comment = Telesec +Description = certAndCrlExtensionDefinitions (0 2 262 1 10 12) + +OID = 06 07 02 82 06 01 0A 0C 00 +Comment = Telesec cert/CRL extension +Description = certExtensionLiabilityLimitationExt (0 2 262 1 10 12 0) + +OID = 06 07 02 82 06 01 0A 0C 01 +Comment = Telesec cert/CRL extension +Description = telesecCertIdExt (0 2 262 1 10 12 1) + +OID = 06 07 02 82 06 01 0A 0C 02 +Comment = Telesec cert/CRL extension +Description = Telesec policyIdentifier (0 2 262 1 10 12 2) + +OID = 06 07 02 82 06 01 0A 0C 03 +Comment = Telesec cert/CRL extension +Description = telesecPolicyQualifierID (0 2 262 1 10 12 3) + +OID = 06 07 02 82 06 01 0A 0C 04 +Comment = Telesec cert/CRL extension +Description = telesecCRLFilteredExt (0 2 262 1 10 12 4) + +OID = 06 07 02 82 06 01 0A 0C 05 +Comment = Telesec cert/CRL extension +Description = telesecCRLFilterExt (0 2 262 1 10 12 5) + +OID = 06 07 02 82 06 01 0A 0C 06 +Comment = 
Telesec cert/CRL extension +Description = telesecNamingAuthorityExt (0 2 262 1 10 12 6) + +# RFC 1274 (X.500 attribute collection from the UK, thus the weird OID). + +OID = 06 0A 09 92 26 89 93 F2 2C 64 01 01 +Comment = Some oddball X.500 attribute collection +Description = userID (0 9 2342 19200300 100 1 1) + +OID = 06 0A 09 92 26 89 93 F2 2C 64 01 03 +Comment = Some oddball X.500 attribute collection +Description = rfc822Mailbox (0 9 2342 19200300 100 1 3) + +# RFC 2247, How to Kludge an FQDN as a DN (or words to that effect), another +# fine product of the UK (also present in the above mentioned RFC 1274). + +OID = 06 0A 09 92 26 89 93 F2 2C 64 01 19 +Comment = Men are from Mars, this OID is from Pluto +Description = domainComponent (0 9 2342 19200300 100 1 25) + +# Australian Government + +OID = 06 06 2A 24 01 82 4D 01 +Comment = Australian Government corporate taxpayer ID +Description = australianBusinessNumber (1 2 36 1 333 1) + +# Certificates Australia (Australia use the corporate tax identifier (ABN) +# as de facto unique identifiers in OIDs, thus the bizarre fourth value. +# See also Signet and other Australian corporate OIDs). 
+ +OID = 06 0A 2A 24 A4 97 A3 53 01 64 01 01 +Comment = Certificates Australia CA +Description = Certificates Australia policyIdentifier (1 2 36 75878867 1 100 1 1) + +# Signet + +OID = 06 09 2A 24 A0 F2 A0 7D 01 01 02 +Comment = Signet CA +Description = Signet personal (1 2 36 68980861 1 1 2) + +OID = 06 09 2A 24 A0 F2 A0 7D 01 01 03 +Comment = Signet CA +Description = Signet business (1 2 36 68980861 1 1 3) + +OID = 06 09 2A 24 A0 F2 A0 7D 01 01 04 +Comment = Signet CA +Description = Signet legal (1 2 36 68980861 1 1 4) + +OID = 06 09 2A 24 A0 F2 A0 7D 01 01 0A +Comment = Signet CA +Description = Signet pilot (1 2 36 68980861 1 1 10) + +OID = 06 09 2A 24 A0 F2 A0 7D 01 01 0B +Comment = Signet CA +Description = Signet intraNet (1 2 36 68980861 1 1 11) + +OID = 06 09 2A 24 A0 F2 A0 7D 01 01 14 +Comment = Signet CA +Description = Signet policyIdentifier (1 2 36 68980861 1 1 20) + +# Mitsubishi + +OID = 06 0A 2A 83 08 8C 1A 4B 3D 01 01 01 +Comment = Mitsubishi security algorithm +Description = symmetric-encryption-algorithm (1 2 392 200011 61 1 1 1) + +OID = 06 0B 2A 83 08 8C 9A 4B 3D 01 01 01 01 +Comment = Mitsubishi security algorithm +Description = misty1-cbc (1 2 392 200011 61 1 1 1 1) + +# SEIS + +OID = 06 05 2A 85 70 22 01 +Comment = SEIS Project +Description = seis-cp (1 2 752 34 1) + +OID = 06 06 2A 85 70 22 01 01 +Comment = SEIS Project certificate policies +Description = SEIS high-assurance policyIdentifier (1 2 752 34 1 1) + +OID = 06 06 2A 85 70 22 01 02 +Comment = SEIS Project certificate policies +Description = SEIS GAK policyIdentifier (1 2 752 34 1 2) + +OID = 06 05 2A 85 70 22 02 +Comment = SEIS Project +Description = SEIS pe (1 2 752 34 2) + +OID = 06 05 2A 85 70 22 03 +Comment = SEIS Project +Description = SEIS at (1 2 752 34 3) + +OID = 06 06 2A 85 70 22 03 01 +Comment = SEIS Project attribute +Description = SEIS at-personalIdentifier (1 2 752 34 3 1) + +# ANSI X9.57 + +OID = 06 06 2A 86 48 CE 38 01 +Comment = ANSI X9.57 +Description = module (1 2 
840 10040 1) + +OID = 06 07 2A 86 48 CE 38 01 01 +Comment = ANSI X9.57 module +Description = x9f1-cert-mgmt (1 2 840 10040 1 1) + +OID = 06 06 2A 86 48 CE 38 02 +Comment = ANSI X9.57 +Description = holdinstruction (1 2 840 10040 2) + +OID = 06 07 2A 86 48 CE 38 02 01 +Comment = ANSI X9.57 hold instruction +Description = holdinstruction-none (1 2 840 10040 2 1) + +OID = 06 07 2A 86 48 CE 38 02 02 +Comment = ANSI X9.57 hold instruction +Description = callissuer (1 2 840 10040 2 2) + +OID = 06 07 2A 86 48 CE 38 02 03 +Comment = ANSI X9.57 hold instruction +Description = reject (1 2 840 10040 2 3) + +OID = 06 07 2A 86 48 CE 38 02 04 +Comment = ANSI X9.57 hold instruction +Description = pickupToken (1 2 840 10040 2 4) + +OID = 06 06 2A 86 48 CE 38 03 +Comment = ANSI X9.57 +Description = attribute (1 2 840 10040 3) + +OID = 06 06 2A 86 48 CE 38 03 01 +Comment = ANSI X9.57 attribute +Description = countersignature (1 2 840 10040 3 1) + +OID = 06 06 2A 86 48 CE 38 03 02 +Comment = ANSI X9.57 attribute +Description = attribute-cert (1 2 840 10040 3 2) + +OID = 06 06 2A 86 48 CE 38 04 +Comment = ANSI X9.57 +Description = algorithm (1 2 840 10040 4) + +OID = 06 07 2A 86 48 CE 38 04 01 +Comment = ANSI X9.57 algorithm +Description = dsa (1 2 840 10040 4 1) + +OID = 06 07 2A 86 48 CE 38 04 02 +Comment = ANSI X9.57 algorithm +Description = dsa-match (1 2 840 10040 4 2) + +OID = 06 07 2A 86 48 CE 38 04 03 +Comment = ANSI X9.57 algorithm +Description = dsaWithSha1 (1 2 840 10040 4 3) + +# ANSI X9.62 + +OID = 06 06 2A 86 48 CE 3D 01 +Comment = ANSI X9.62. 
This OID is also assigned as ecdsa-with-SHA1 +Description = fieldType (1 2 840 10045 1) + +OID = 06 07 2A 86 48 CE 3D 01 01 +Comment = ANSI X9.62 field type +Description = prime-field (1 2 840 10045 1 1) + +OID = 06 07 2A 86 48 CE 3D 01 02 +Comment = ANSI X9.62 field type +Description = characteristic-two-field (1 2 840 10045 1 2) + +OID = 06 08 2A 86 48 CE 3D 01 02 03 +Comment = ANSI X9.62 field type +Description = characteristic-two-basis (1 2 840 10045 1 2 3) + +OID = 06 09 2A 86 48 CE 3D 01 02 03 01 +Comment = ANSI X9.62 field basis +Description = onBasis (1 2 840 10045 1 2 3 1) + +OID = 06 09 2A 86 48 CE 3D 01 02 03 02 +Comment = ANSI X9.62 field basis +Description = tpBasis (1 2 840 10045 1 2 3 2) + +OID = 06 09 2A 86 48 CE 3D 01 02 03 03 +Comment = ANSI X9.62 field basis +Description = ppBasis (1 2 840 10045 1 2 3 3) + +# The definition for the following OID is somewhat confused, and is given as +# keyType, publicKeyType, and public-key-type, all within 4 lines of text. +# ecPublicKey is defined using the ID publicKeyType, so this is what's used +# here. 
+OID = 06 06 2A 86 48 CE 3D 02 +Comment = ANSI X9.62 +Description = publicKeyType (1 2 840 10045 2) + +OID = 06 07 2A 86 48 CE 3D 02 01 +Comment = ANSI X9.62 public key type +Description = ecPublicKey (1 2 840 10045 2 1) + +# ANSI X9.42 + +OID = 06 06 2A 86 48 CE 3E 01 +Comment = ANSI X9.42 +Description = fieldType (1 2 840 10046 1) + +OID = 06 07 2A 86 48 CE 3E 01 01 +Comment = ANSI X9.42 field type +Description = gf-prime (1 2 840 10046 1 1) + +OID = 06 06 2A 86 48 CE 3E 02 +Comment = ANSI X9.42 +Description = numberType (1 2 840 10046 2) + +OID = 06 07 2A 86 48 CE 3E 02 01 +Comment = ANSI X9.42 number type +Description = dhPublicKey (1 2 840 10046 2 1) + +OID = 06 06 2A 86 48 CE 3E 03 +Comment = ANSI X9.42 +Description = scheme (1 2 840 10046 3) + +OID = 06 07 2A 86 48 CE 3E 03 01 +Comment = ANSI X9.42 scheme +Description = dhStatic (1 2 840 10046 3 1) + +OID = 06 07 2A 86 48 CE 3E 03 02 +Comment = ANSI X9.42 scheme +Description = dhEphem (1 2 840 10046 3 2) + +OID = 06 07 2A 86 48 CE 3E 03 03 +Comment = ANSI X9.42 scheme +Description = dhHybrid1 (1 2 840 10046 3 3) + +OID = 06 07 2A 86 48 CE 3E 03 04 +Comment = ANSI X9.42 scheme +Description = dhHybrid2 (1 2 840 10046 3 4) + +OID = 06 07 2A 86 48 CE 3E 03 05 +Comment = ANSI X9.42 scheme +Description = mqv2 (1 2 840 10046 3 5) + +OID = 06 07 2A 86 48 CE 3E 03 06 +Comment = ANSI X9.42 scheme +Description = mqv1 (1 2 840 10046 3 6) + +# ASTM 31.20 + +OID = 06 07 2A 86 48 CE 51 02 02 +Comment = ASTM 31.20 +Description = ? (1 2 840 10065 2 2) + +OID = 06 07 2A 86 48 CE 51 02 03 +Comment = ASTM 31.20 +Description = healthcareLicense (1 2 840 10065 2 3) + +OID = 06 09 2A 86 48 CE 51 02 03 01 01 +Comment = ASTM 31.20 healthcare license type +Description = license? 
(1 2 840 10065 2 3 1 1) + +# Nortel Secure Networks/Entrust + +OID = 06 07 2A 86 48 86 F6 7D 07 +Description = nsn (1 2 840 113533 7) + +OID = 06 08 2A 86 48 86 F6 7D 07 41 +Description = nsn-ce (1 2 840 113533 7 65) + +OID = 06 09 2A 86 48 86 F6 7D 07 41 00 +Comment = Nortel Secure Networks ce +Description = entrustVersInfo (1 2 840 113533 7 65 0) + +OID = 06 08 2A 86 48 86 F6 7D 07 42 +Description = nsn-alg (1 2 840 113533 7 66) + +OID = 06 09 2A 86 48 86 F6 7D 07 42 03 +Comment = Nortel Secure Networks alg +Description = cast3CBC (1 2 840 113533 7 66 3) + +OID = 06 09 2A 86 48 86 F6 7D 07 42 0A +Comment = Nortel Secure Networks alg +Description = cast5CBC (1 2 840 113533 7 66 10) + +OID = 06 09 2A 86 48 86 F6 7D 07 42 0B +Comment = Nortel Secure Networks alg +Description = cast5MAC (1 2 840 113533 7 66 11) + +OID = 06 09 2A 86 48 86 F6 7D 07 42 0C +Comment = Nortel Secure Networks alg +Description = pbeWithMD5AndCAST5-CBC (1 2 840 113533 7 66 12) + +OID = 06 09 2A 86 48 86 F6 7D 07 42 0D +Comment = Nortel Secure Networks alg +Description = passwordBasedMac (1 2 840 113533 7 66 13) + +OID = 06 08 2A 86 48 86 F6 7D 07 43 +Description = nsn-oc (1 2 840 113533 7 67) + +OID = 06 09 2A 86 48 86 F6 7D 07 43 0C +Comment = Nortel Secure Networks oc +Description = entrustUser (1 2 840 113533 7 67 0) + +OID = 06 08 2A 86 48 86 F6 7D 07 44 +Description = nsn-at (1 2 840 113533 7 68) + +OID = 06 09 2A 86 48 86 F6 7D 07 44 00 +Comment = Nortel Secure Networks at +Description = entrustCAInfo (1 2 840 113533 7 68 0) + +OID = 06 09 2A 86 48 86 F6 7D 07 44 0A +Comment = Nortel Secure Networks at +Description = attributeCertificate (1 2 840 113533 7 68 10) + +# PKCS #1 + +OID = 06 08 2A 86 48 86 F7 0D 01 01 +Description = pkcs-1 (1 2 840 113549 1 1) + +OID = 06 09 2A 86 48 86 F7 0D 01 01 01 +Comment = PKCS #1 +Description = rsaEncryption (1 2 840 113549 1 1 1) + +OID = 06 09 2A 86 48 86 F7 0D 01 01 02 +Comment = PKCS #1 +Description = md2withRSAEncryption (1 2 840 113549 1 1 2) + 
+OID = 06 09 2A 86 48 86 F7 0D 01 01 03 +Comment = PKCS #1 +Description = md4withRSAEncryption (1 2 840 113549 1 1 3) + +OID = 06 09 2A 86 48 86 F7 0D 01 01 04 +Comment = PKCS #1 +Description = md5withRSAEncryption (1 2 840 113549 1 1 4) + +OID = 06 09 2A 86 48 86 F7 0D 01 01 05 +Comment = PKCS #1 +Description = sha1withRSAEncryption (1 2 840 113549 1 1 5) + +OID = 06 09 2A 86 48 86 F7 0D 01 01 07 +Comment = PKCS #1 +Description = rsaOAEP (1 2 840 113549 1 1 7) + +OID = 06 09 2A 86 48 86 F7 0D 01 01 08 +Comment = PKCS #1 +Description = rsaOAEP-MGF (1 2 840 113549 1 1 8) + +OID = 06 09 2A 86 48 86 F7 0D 01 01 09 +Comment = PKCS #1 +Description = rsaOAEP-pSpecified (1 2 840 113549 1 1 9) + +OID = 06 09 2A 86 48 86 F7 0D 01 01 0A +Comment = PKCS #1 +Description = rsaPSS (1 2 840 113549 1 1 10) + +OID = 06 09 2A 86 48 86 F7 0D 01 01 0B +Comment = PKCS #1 +Description = sha256WithRSAEncryption (1 2 840 113549 1 1 11) + +OID = 06 09 2A 86 48 86 F7 0D 01 01 0C +Comment = PKCS #1 +Description = sha384WithRSAEncryption (1 2 840 113549 1 1 12) + +OID = 06 09 2A 86 48 86 F7 0D 01 01 0D +Comment = PKCS #1 +Description = sha512WithRSAEncryption (1 2 840 113549 1 1 13) + +# There is some confusion over the identity of the following OID. The OAEP +# one is more recent, but independant vendors have already used the RIPEMD +# one, however it's likely that SET will be a bigger hammer (at least as a +# standard) so we report it as that. +OID = 06 09 2A 86 48 86 F7 0D 01 01 06 +Comment = PKCS #1. 
This OID may also be assigned as ripemd160WithRSAEncryption +Description = rsaOAEPEncryptionSET (1 2 840 113549 1 1 6) +# ripemd160WithRSAEncryption (1 2 840 113549 1 1 6) + +# BSAFE/PKCS #2 (obsolete) + +OID = 06 08 2A 86 48 86 F7 0D 01 01 +Comment = Obsolete BSAFE OID +Description = bsafeRsaEncr (1 2 840 113549 1 2) +Warning + +# PKCS #3 + +OID = 06 08 2A 86 48 86 F7 0D 01 03 +Description = pkcs-3 + +OID = 06 09 2A 86 48 86 F7 0D 01 03 01 +Comment = PKCS #3 +Description = dhKeyAgreement (1 2 840 113549 1 3 1) + +# PKCS #5 + +OID = 06 08 2A 86 48 86 F7 0D 01 05 +Description = pkcs-5 + +OID = 06 09 2A 86 48 86 F7 0D 01 05 01 +Comment = PKCS #5 +Description = pbeWithMD2AndDES-CBC (1 2 840 113549 1 5 1) + +OID = 06 09 2A 86 48 86 F7 0D 01 05 03 +Comment = PKCS #5 +Description = pbeWithMD5AndDES-CBC (1 2 840 113549 1 5 3) + +OID = 06 09 2A 86 48 86 F7 0D 01 05 04 +Comment = PKCS #5 +Description = pbeWithMD2AndRC2-CBC (1 2 840 113549 1 5 4) + +OID = 06 09 2A 86 48 86 F7 0D 01 05 06 +Comment = PKCS #5 +Description = pbeWithMD5AndRC2-CBC (1 2 840 113549 1 5 6) + +OID = 06 09 2A 86 48 86 F7 0D 01 05 09 +Comment = PKCS #5, used in BSAFE only +Description = pbeWithMD5AndXOR (1 2 840 113549 1 5 9) +Warning + +OID = 06 09 2A 86 48 86 F7 0D 01 05 0A +Comment = PKCS #5 +Description = pbeWithSHAAndDES-CBC (1 2 840 113549 1 5 10) + +OID = 06 09 2A 86 48 86 F7 0D 01 05 0C +Comment = PKCS #5 v2.0 +Description = pkcs5PBKDF2 (1 2 840 113549 1 5 12) + +OID = 06 09 2A 86 48 86 F7 0D 01 05 0D +Comment = PKCS #5 v2.0 +Description = pkcs5PBES2 (1 2 840 113549 1 5 13) + +OID = 06 09 2A 86 48 86 F7 0D 01 05 0E +Comment = PKCS #5 v2.0 +Description = pkcs5PBMAC1 (1 2 840 113549 1 5 14) + +# PKCS #7 + +OID = 06 08 2A 86 48 86 F7 0D 01 07 +Description = pkcs-7 + +OID = 06 09 2A 86 48 86 F7 0D 01 07 01 +Comment = PKCS #7 +Description = data (1 2 840 113549 1 7 1) + +OID = 06 09 2A 86 48 86 F7 0D 01 07 02 +Comment = PKCS #7 +Description = signedData (1 2 840 113549 1 7 2) + +OID = 06 09 2A 86 48 
86 F7 0D 01 07 03 +Comment = PKCS #7 +Description = envelopedData (1 2 840 113549 1 7 3) + +OID = 06 09 2A 86 48 86 F7 0D 01 07 04 +Comment = PKCS #7 +Description = signedAndEnvelopedData (1 2 840 113549 1 7 4) + +OID = 06 09 2A 86 48 86 F7 0D 01 07 05 +Comment = PKCS #7 +Description = digestedData (1 2 840 113549 1 7 5) + +OID = 06 09 2A 86 48 86 F7 0D 01 07 06 +Comment = PKCS #7 +Description = encryptedData (1 2 840 113549 1 7 6) + +OID = 06 09 2A 86 48 86 F7 0D 01 07 07 +Comment = PKCS #7 experimental +Description = dataWithAttributes (1 2 840 113549 1 7 7) +Warning + +OID = 06 09 2A 86 48 86 F7 0D 01 07 08 +Comment = PKCS #7 experimental +Description = encryptedPrivateKeyInfo (1 2 840 113549 1 7 8) +Warning + +# PKCS #9 + +OID = 06 08 2A 86 48 86 F7 0D 01 09 +Description = pkcs-9 (1 2 840 113549 1 9) + +OID = 06 09 2A 86 48 86 F7 0D 01 09 01 +Comment = PKCS #9. Deprecated, use an altName extension instead +Description = emailAddress (1 2 840 113549 1 9 1) + +OID = 06 09 2A 86 48 86 F7 0D 01 09 02 +Comment = PKCS #9 +Description = unstructuredName (1 2 840 113549 1 9 2) + +OID = 06 09 2A 86 48 86 F7 0D 01 09 03 +Comment = PKCS #9 +Description = contentType (1 2 840 113549 1 9 3) + +OID = 06 09 2A 86 48 86 F7 0D 01 09 04 +Comment = PKCS #9 +Description = messageDigest (1 2 840 113549 1 9 4) + +OID = 06 09 2A 86 48 86 F7 0D 01 09 05 +Comment = PKCS #9 +Description = signingTime (1 2 840 113549 1 9 5) + +OID = 06 09 2A 86 48 86 F7 0D 01 09 06 +Comment = PKCS #9 +Description = countersignature (1 2 840 113549 1 9 6) + +OID = 06 09 2A 86 48 86 F7 0D 01 09 07 +Comment = PKCS #9 +Description = challengePassword (1 2 840 113549 1 9 7) + +OID = 06 09 2A 86 48 86 F7 0D 01 09 08 +Comment = PKCS #9 +Description = unstructuredAddress (1 2 840 113549 1 9 8) + +OID = 06 09 2A 86 48 86 F7 0D 01 09 09 +Comment = PKCS #9 +Description = extendedCertificateAttributes (1 2 840 113549 1 9 9) + +OID = 06 09 2A 86 48 86 F7 0D 01 09 0A +Comment = PKCS #9 experimental +Description = 
issuerAndSerialNumber (1 2 840 113549 1 9 10)
+Warning
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 0B
+Comment = PKCS #9 experimental
+Description = passwordCheck (1 2 840 113549 1 9 11)
+Warning
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 0C
+Comment = PKCS #9 experimental
+Description = publicKey (1 2 840 113549 1 9 12)
+Warning
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 0D
+Comment = PKCS #9
+Description = signingDescription (1 2 840 113549 1 9 13)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 0E
+Comment = PKCS #9 via CRMF
+Description = extensionRequest (1 2 840 113549 1 9 14)
+
+# PKCS #9 for use with S/MIME
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 0F
+Comment = PKCS #9. This OID was formerly assigned as symmetricCapabilities, then reassigned as SMIMECapabilities, then renamed to the current name
+Description = sMIMECapabilities (1 2 840 113549 1 9 15)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 01
+Comment = sMIMECapabilities
+Description = preferSignedData (1 2 840 113549 1 9 15 1)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 02
+Comment = sMIMECapabilities
+Description = canNotDecryptAny (1 2 840 113549 1 9 15 2)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 03
+Comment = sMIMECapabilities. Deprecated, use (1 2 840 113549 1 9 16 2 1) instead
+Description = receiptRequest (1 2 840 113549 1 9 15 3)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 04
+Comment = sMIMECapabilities. Deprecated, use (1 2 840 113549 1 9 16 1 1) instead
+Description = receipt (1 2 840 113549 1 9 15 4)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 05
+Comment = sMIMECapabilities. Deprecated, use (1 2 840 113549 1 9 16 2 4) instead
+Description = contentHints (1 2 840 113549 1 9 15 5)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 06
+Comment = sMIMECapabilities.
Deprecated, use (1 2 840 113549 1 9 16 2 3) instead
+Description = mlExpansionHistory (1 2 840 113549 1 9 15 6)
+Warning
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 10
+Comment = PKCS #9
+Description = id-sMIME (1 2 840 113549 1 9 16)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 10 00
+Comment = id-sMIME
+Description = id-mod (1 2 840 113549 1 9 16 0)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 00 01
+Comment = S/MIME Modules
+Description = id-mod-cms (1 2 840 113549 1 9 16 0 1)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 00 02
+Comment = S/MIME Modules
+Description = id-mod-ess (1 2 840 113549 1 9 16 0 2)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 00 03
+Comment = S/MIME Modules
+Description = id-mod-oid (1 2 840 113549 1 9 16 0 3)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 00 04
+Comment = S/MIME Modules
+Description = id-mod-msg-v3 (1 2 840 113549 1 9 16 0 4)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 00 05
+Comment = S/MIME Modules
+Description = id-mod-ets-eSignature-88 (1 2 840 113549 1 9 16 0 5)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 00 06
+Comment = S/MIME Modules
+Description = id-mod-ets-eSignature-97 (1 2 840 113549 1 9 16 0 6)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 00 07
+Comment = S/MIME Modules
+Description = id-mod-ets-eSigPolicy-88 (1 2 840 113549 1 9 16 0 7)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 00 08
+Comment = S/MIME Modules
+Description = id-mod-ets-eSigPolicy-88 (1 2 840 113549 1 9 16 0 8)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 10 01
+Comment = S/MIME
+Description = contentType (1 2 840 113549 1 9 16 1)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 01 01
+Comment = S/MIME Content Types
+Description = receipt (1 2 840 113549 1 9 16 1 1)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 01 02
+Comment = S/MIME Content Types
+Description = authData (1 2 840 113549 1 9 16 1 2)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 01 03
+Comment = S/MIME Content Types
+Description = publishCert (1 2 840 113549 1 9 16 1 3)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 01 04
+Comment =
S/MIME Content Types
+Description = tSTInfo (1 2 840 113549 1 9 16 1 4)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 01 05
+Comment = S/MIME Content Types
+Description = tDTInfo (1 2 840 113549 1 9 16 1 5)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 01 06
+Comment = S/MIME Content Types
+Description = contentInfo (1 2 840 113549 1 9 16 1 6)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 01 07
+Comment = S/MIME Content Types
+Description = dVCSRequestData (1 2 840 113549 1 9 16 1 7)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 01 08
+Comment = S/MIME Content Types
+Description = dVCSResponseData (1 2 840 113549 1 9 16 1 8)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 01 09
+Comment = S/MIME Content Types
+Description = compressedData (1 2 840 113549 1 9 16 1 9)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 10 02
+Comment = S/MIME
+Description = authenticatedAttributes (1 2 840 113549 1 9 16 2)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 01
+Comment = S/MIME Authenticated Attributes
+Description = receiptRequest (1 2 840 113549 1 9 16 2 1)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 02
+Comment = S/MIME Authenticated Attributes
+Description = securityLabel (1 2 840 113549 1 9 16 2 2)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 03
+Comment = S/MIME Authenticated Attributes
+Description = mlExpandHistory (1 2 840 113549 1 9 16 2 3)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 04
+Comment = S/MIME Authenticated Attributes
+Description = contentHint (1 2 840 113549 1 9 16 2 4)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 05
+Comment = S/MIME Authenticated Attributes
+Description = msgSigDigest (1 2 840 113549 1 9 16 2 5)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 06
+Comment = S/MIME Authenticated Attributes.
Obsolete
+Description = encapContentType (1 2 840 113549 1 9 16 2 6)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 07
+Comment = S/MIME Authenticated Attributes
+Description = contentIdentifier (1 2 840 113549 1 9 16 2 7)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 08
+Comment = S/MIME Authenticated Attributes. Obsolete
+Description = macValue (1 2 840 113549 1 9 16 2 8)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 09
+Comment = S/MIME Authenticated Attributes
+Description = equivalentLabels (1 2 840 113549 1 9 16 2 9)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 0A
+Comment = S/MIME Authenticated Attributes
+Description = contentReference (1 2 840 113549 1 9 16 2 10)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 0B
+Comment = S/MIME Authenticated Attributes
+Description = encrypKeyPref (1 2 840 113549 1 9 16 2 11)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 0C
+Comment = S/MIME Authenticated Attributes
+Description = signingCertificate (1 2 840 113549 1 9 16 2 12)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 0D
+Comment = S/MIME Authenticated Attributes
+Description = smimeEncryptCerts (1 2 840 113549 1 9 16 2 13)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 0E
+Comment = S/MIME Authenticated Attributes
+Description = timeStampToken (1 2 840 113549 1 9 16 2 14)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 0F
+Comment = S/MIME Authenticated Attributes
+Description = sigPolicyId (1 2 840 113549 1 9 16 2 15)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 10
+Comment = S/MIME Authenticated Attributes
+Description = commitmentType (1 2 840 113549 1 9 16 2 16)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 11
+Comment = S/MIME Authenticated Attributes
+Description = signerLocation (1 2 840 113549 1 9 16 2 17)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 12
+Comment = S/MIME Authenticated Attributes
+Description = signerAttr (1 2 840 113549 1 9 16 2 18)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 13
+Comment = S/MIME Authenticated Attributes
+Description =
otherSigCert (1 2 840 113549 1 9 16 2 19)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 14
+Comment = S/MIME Authenticated Attributes
+Description = contentTimestamp (1 2 840 113549 1 9 16 2 20)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 15
+Comment = S/MIME Authenticated Attributes
+Description = certificateRefs (1 2 840 113549 1 9 16 2 21)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 16
+Comment = S/MIME Authenticated Attributes
+Description = revocationRefs (1 2 840 113549 1 9 16 2 22)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 17
+Comment = S/MIME Authenticated Attributes
+Description = certValues (1 2 840 113549 1 9 16 2 23)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 18
+Comment = S/MIME Authenticated Attributes
+Description = revocationValues (1 2 840 113549 1 9 16 2 24)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 19
+Comment = S/MIME Authenticated Attributes
+Description = escTimeStamp (1 2 840 113549 1 9 16 2 25)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 1A
+Comment = S/MIME Authenticated Attributes
+Description = certCRLTimestamp (1 2 840 113549 1 9 16 2 26)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 1B
+Comment = S/MIME Authenticated Attributes
+Description = archiveTimeStamp (1 2 840 113549 1 9 16 2 27)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 1C
+Comment = S/MIME Authenticated Attributes
+Description = signatureType (1 2 840 113549 1 9 16 2 28)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 1D
+Comment = S/MIME Authenticated Attributes
+Description = dvcs-dvc (1 2 840 113549 1 9 16 2 29)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 03 01
+Comment = S/MIME Algorithms. Obsolete
+Description = algESDHwith3DES (1 2 840 113549 1 9 16 3 1)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 03 02
+Comment = S/MIME Algorithms. Obsolete
+Description = algESDHwithRC2 (1 2 840 113549 1 9 16 3 2)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 03 03
+Comment = S/MIME Algorithms.
Obsolete
+Description = alg3DESwrap (1 2 840 113549 1 9 16 3 3)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 03 04
+Comment = S/MIME Algorithms. Obsolete
+Description = algRC2wrap (1 2 840 113549 1 9 16 3 4)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 03 05
+Comment = S/MIME Algorithms
+Description = esDH (1 2 840 113549 1 9 16 3 5)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 03 06
+Comment = S/MIME Algorithms
+Description = cms3DESwrap (1 2 840 113549 1 9 16 3 6)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 03 07
+Comment = S/MIME Algorithms
+Description = cmsRC2wrap (1 2 840 113549 1 9 16 3 7)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 03 08
+Comment = S/MIME Algorithms
+Description = zlib (1 2 840 113549 1 9 16 3 8)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 03 09
+Comment = S/MIME Algorithms
+Description = pwri-KEK (1 2 840 113549 1 9 16 3 9)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 04 01
+Comment = S/MIME Certificate Distribution
+Description = certDist-ldap (1 2 840 113549 1 9 16 4 1)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 05 01
+Comment = S/MIME Signature Policy Qualifier
+Description = sigPolicyQualifier-spuri (1 2 840 113549 1 9 16 5 1)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 05 02
+Comment = S/MIME Signature Policy Qualifier
+Description = sigPolicyQualifier-spUserNotice (1 2 840 113549 1 9 16 5 2)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 06 01
+Comment = S/MIME
+Description = proofOfOrigin (1 2 840 113549 1 9 16 6 1)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 06 02
+Comment = S/MIME
+Description = proofOfReceipt (1 2 840 113549 1 9 16 6 2)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 06 03
+Comment = S/MIME
+Description = proofOfDelivery (1 2 840 113549 1 9 16 6 3)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 06 04
+Comment = S/MIME
+Description = proofOfSender (1 2 840 113549 1 9 16 6 4)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 06 05
+Comment = S/MIME
+Description = proofOfApproval (1 2 840 113549 1 9 16 6 5)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01
09 10 06 06
+Comment = S/MIME
+Description = proofOfCreation (1 2 840 113549 1 9 16 6 6)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 0F
+Comment = PKCS #9. This OID was formerly assigned as symmetricCapabilities, then reassigned as SMIMECapabilities, then renamed to the current name
+Description = sMIMECapabilities (1 2 840 113549 1 9 15)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 10 09
+Comment = S/MIME
+Description = signatureTypeIdentifier (1 2 840 113549 1 9 16 9)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 09 01
+Comment = S/MIME Signature Type Identifier
+Description = originatorSig (1 2 840 113549 1 9 16 9 1)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 09 02
+Comment = S/MIME Signature Type Identifier
+Description = domainSig (1 2 840 113549 1 9 16 9 2)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 09 03
+Comment = S/MIME Signature Type Identifier
+Description = additionalAttributesSig (1 2 840 113549 1 9 16 9 3)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 09 04
+Comment = S/MIME Signature Type Identifier
+Description = reviewSig (1 2 840 113549 1 9 16 9 4)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 10 0B
+Comment = S/MIME
+Description = capabilities (1 2 840 113549 1 9 16 11)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 0B 01
+Comment = S/MIME Capability
+Description = preferBinaryInside (1 2 840 113549 1 9 16 11 1)
+
+# PKCS #9 for use with PKCS #12
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 14
+Comment = PKCS #9 via PKCS #12
+Description = friendlyName (for PKCS #12) (1 2 840 113549 1 9 20)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 15
+Comment = PKCS #9 via PKCS #12
+Description = localKeyID (for PKCS #12) (1 2 840 113549 1 9 21)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 16
+Comment = PKCS #9 via PKCS #12
+Description = certTypes (for PKCS #12) (1 2 840 113549 1 9 22)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 16 01
+Comment = PKCS #9 via PKCS #12
+Description = x509Certificate (for PKCS #12) (1 2 840 113549 1 9 22 1)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 16 02
+Comment = PKCS #9 via PKCS #12
+Description = sdsiCertificate (for PKCS #12) (1 2 840 113549 1 9 22 2)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 17
+Comment = PKCS #9 via PKCS #12
+Description = crlTypes (for PKCS #12) (1 2 840 113549 1 9 23)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 17 01
+Comment = PKCS #9 via PKCS #12
+Description = x509Crl (for PKCS #12) (1 2 840 113549 1 9 23 1)
+
+# PKCS #9, another set of branches used for accumulating further cruft
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 18
+Comment = PKCS #9/RFC 2985
+Description = pkcs9objectClass (1 2 840 113549 1 9 24)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 19
+Comment = PKCS #9/RFC 2985
+Description = pkcs9attributes (1 2 840 113549 1 9 25)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 19 01
+Comment = PKCS #9/RFC 2985 attribute
+Description = pkcs15Token (1 2 840 113549 1 9 25 1)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 19 02
+Comment = PKCS #9/RFC 2985 attribute
+Description = encryptedPrivateKeyInfo (1 2 840 113549 1 9 25 2)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 19 03
+Comment = PKCS #9/RFC 2985 attribute
+Description = randomNonce (1 2 840 113549 1 9 25 3)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 19 04
+Comment = PKCS #9/RFC 2985 attribute
+Description = sequenceNumber (1 2 840 113549 1 9 25 4)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 19 05
+Comment = PKCS #9/RFC 2985 attribute
+Description = pkcs7PDU (1 2 840 113549 1 9 25 5)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 1A
+Comment = PKCS #9/RFC 2985
+Description = pkcs9syntax (1 2 840 113549 1 9 1A)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 1B
+Comment = PKCS #9/RFC 2985
+Description = pkcs9matchingRules (1 2 840 113549 1 9 1B)
+
+# PKCS #12. Note that current PKCS #12 implementations tend to be strange and
+# peculiar, with implementors misusing OIDs or basing their work on earlier PFX
+# drafts or defining their own odd OIDs.
In addition the PFX/PKCS #12 spec
+# itself is full of errors and inconsistencies, and a number of OIDs have been
+# redefined in different drafts (often multiple times), which doesn't make the
+# implementors job any easier.
+
+OID = 06 08 2A 86 48 86 F7 0D 01 0C
+Description = pkcs-12 (1 2 840 113549 1 12)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 0C 01
+Comment = This OID was formerly assigned as PKCS #12 modeID
+Description = pkcs-12-PbeIds (1 2 840 113549 1 12 1)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 01
+Comment = PKCS #12 PbeIds. This OID was formerly assigned as pkcs-12-OfflineTransportMode
+Description = pbeWithSHAAnd128BitRC4 (1 2 840 113549 1 12 1 1)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 02
+Comment = PKCS #12 PbeIds. This OID was formerly assigned as pkcs-12-OnlineTransportMode
+Description = pbeWithSHAAnd40BitRC4 (1 2 840 113549 1 12 1 2)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 03
+Comment = PKCS #12 PbeIds
+Description = pbeWithSHAAnd3-KeyTripleDES-CBC (1 2 840 113549 1 12 1 3)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 04
+Comment = PKCS #12 PbeIds
+Description = pbeWithSHAAnd2-KeyTripleDES-CBC (1 2 840 113549 1 12 1 4)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 05
+Comment = PKCS #12 PbeIds
+Description = pbeWithSHAAnd128BitRC2-CBC (1 2 840 113549 1 12 1 5)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 06
+Comment = PKCS #12 PbeIds
+Description = pbeWithSHAAnd40BitRC2-CBC (1 2 840 113549 1 12 1 6)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 0C 02
+Comment = Deprecated
+Description = pkcs-12-ESPVKID (1 2 840 113549 1 12 2)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 02 01
+Comment = PKCS #12 ESPVKID. Deprecated, use (1 2 840 113549 1 12 3 5) instead
+Description = pkcs-12-PKCS8KeyShrouding (1 2 840 113549 1 12 2 1)
+Warning
+
+# The following appear to have been redefined yet again at 12 10 in the latest
+# PKCS #12 spec.
+OID = 06 09 2A 86 48 86 F7 0D 01 0C 03
+Description = pkcs-12-BagIds (1 2 840 113549 1 12 3)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 01
+Comment = PKCS #12 BagIds
+Description = pkcs-12-keyBagId (1 2 840 113549 1 12 3 1)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 02
+Comment = PKCS #12 BagIds
+Description = pkcs-12-certAndCRLBagId (1 2 840 113549 1 12 3 2)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 03
+Comment = PKCS #12 BagIds
+Description = pkcs-12-secretBagId (1 2 840 113549 1 12 3 3)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 04
+Comment = PKCS #12 BagIds
+Description = pkcs-12-safeContentsId (1 2 840 113549 1 12 3 4)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 05
+Comment = PKCS #12 BagIds
+Description = pkcs-12-pkcs-8ShroudedKeyBagId (1 2 840 113549 1 12 3 5)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 0C 04
+Comment = Deprecated
+Description = pkcs-12-CertBagID (1 2 840 113549 1 12 4)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 04 01
+Comment = PKCS #12 CertBagID. This OID was formerly assigned as pkcs-12-X509CertCRLBag
+Description = pkcs-12-X509CertCRLBagID (1 2 840 113549 1 12 4 1)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 04 02
+Comment = PKCS #12 CertBagID. This OID was formerly assigned as pkcs-12-SDSICertBag
+Description = pkcs-12-SDSICertBagID (1 2 840 113549 1 12 4 2)
+
+# The following are from PFX. The ... 5 1 values have been reassigned to OIDs
+# with incompatible algorithms at ... 1, the 5 2 values seem to have vanished.
+OID = 06 09 2A 86 48 86 F7 0D 01 0C 05
+Description = pkcs-12-OID
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 05 01
+Comment = PKCS #12 OID. Deprecated, use the partially compatible (1 2 840 113549 1 12 1) OIDs instead
+Description = pkcs-12-PBEID (1 2 840 113549 1 12 5 1)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 01
+Comment = PKCS #12 OID PBEID.
Deprecated, use (1 2 840 113549 1 12 1 1) instead
+Description = pkcs-12-PBEWithSha1And128BitRC4 (1 2 840 113549 1 12 5 1 1)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 02
+Comment = PKCS #12 OID PBEID. Deprecated, use (1 2 840 113549 1 12 1 2) instead
+Description = pkcs-12-PBEWithSha1And40BitRC4 (1 2 840 113549 1 12 5 1 2)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 03
+Comment = PKCS #12 OID PBEID. Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 3) or (1 2 840 113549 1 12 1 4) instead
+Description = pkcs-12-PBEWithSha1AndTripleDESCBC (1 2 840 113549 1 12 5 1 3)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 04
+Comment = PKCS #12 OID PBEID. Deprecated, use (1 2 840 113549 1 12 1 5) instead
+Description = pkcs-12-PBEWithSha1And128BitRC2CBC (1 2 840 113549 1 12 5 1 4)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 05
+Comment = PKCS #12 OID PBEID. Deprecated, use (1 2 840 113549 1 12 1 6) instead
+Description = pkcs-12-PBEWithSha1And40BitRC2CBC (1 2 840 113549 1 12 5 1 5)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 06
+Comment = PKCS #12 OID PBEID. Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 1) or (1 2 840 113549 1 12 1 2) instead
+Description = pkcs-12-PBEWithSha1AndRC4 (1 2 840 113549 1 12 5 1 6)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 07
+Comment = PKCS #12 OID PBEID. Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 5) or (1 2 840 113549 1 12 1 6) instead
+Description = pkcs-12-PBEWithSha1AndRC2CBC (1 2 840 113549 1 12 5 1 7)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 05 02
+Description = pkcs-12-EnvelopingID. Deprecated, use the conventional PKCS #1 OIDs instead
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 02 01
+Comment = PKCS #12 OID EnvelopingID.
Deprecated, use the conventional PKCS #1 OIDs instead
+Description = pkcs-12-RSAEncryptionWith128BitRC4 (1 2 840 113549 1 12 5 2 1)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 02 02
+Comment = PKCS #12 OID EnvelopingID. Deprecated, use the conventional PKCS #1 OIDs instead
+Description = pkcs-12-RSAEncryptionWith40BitRC4 (1 2 840 113549 1 12 5 2 2)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 02 03
+Comment = PKCS #12 OID EnvelopingID. Deprecated, use the conventional PKCS #1 OIDs instead
+Description = pkcs-12-RSAEncryptionWithTripleDES (1 2 840 113549 1 12 5 2 3)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 05 03
+Description = pkcs-12-SignatureID. Deprecated, use the conventional PKCS #1 OIDs instead
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 03 01
+Comment = PKCS #12 OID SignatureID. Deprecated, use the conventional PKCS #1 OIDs instead
+Description = pkcs-12-RSASignatureWithSHA1Digest (1 2 840 113549 1 12 5 3 1)
+Warning
+
+# Yet *another* redefinition of the PKCS #12 "bag" ID's, now in a different
+# order than the last redefinition at ... 12 3.
+OID = 06 09 2A 86 48 86 F7 0D 01 0C 0A
+Description = pkcs-12Version1
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 0A 01
+Description = pkcs-12BadIds
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 01
+Comment = PKCS #12 BagIds
+Description = pkcs-12-keyBag (1 2 840 113549 1 12 10 1 1)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 02
+Comment = PKCS #12 BagIds
+Description = pkcs-12-pkcs-8ShroudedKeyBag (1 2 840 113549 1 12 10 1 2)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 03
+Comment = PKCS #12 BagIds
+Description = pkcs-12-certBag (1 2 840 113549 1 12 10 1 3)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 04
+Comment = PKCS #12 BagIds
+Description = pkcs-12-crlBag (1 2 840 113549 1 12 10 1 4)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 05
+Comment = PKCS #12 BagIds
+Description = pkcs-12-secretBag (1 2 840 113549 1 12 10 1 5)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 06
+Comment = PKCS #12 BagIds
+Description = pkcs-12-safeContentsBag (1 2 840 113549 1 12 10 1 6)
+
+# PKCS #15
+
+OID = 06 09 2A 86 48 86 F7 0D 01 0F 01
+Comment = PKCS #15
+Description = pkcs15modules (1 2 840 113549 1 15 1)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 0F 02
+Comment = PKCS #15
+Description = pkcs15attributes (1 2 840 113549 1 15 2)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 0F 03
+Comment = PKCS #15
+Description = pkcs15contentType (1 2 840 113549 1 15 3)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0F 03 01
+Comment = PKCS #15 content type
+Description = pkcs15content (1 2 840 113549 1 15 3 1)
+
+# RSADSI digest algorithms
+
+OID = 06 07 2A 86 48 86 F7 0D 02
+Description = digestAlgorithm
+
+OID = 06 08 2A 86 48 86 F7 0D 02 02
+Comment = RSADSI digestAlgorithm
+Description = md2 (1 2 840 113549 2 2)
+
+OID = 06 08 2A 86 48 86 F7 0D 02 04
+Comment = RSADSI digestAlgorithm
+Description = md4 (1 2 840 113549 2 4)
+
+OID = 06 08 2A 86 48 86 F7 0D 02 05
+Comment = RSADSI digestAlgorithm
+Description = md5 (1 2 840 113549 2 5)
+
+OID = 06 08 2A 86 48 86 F7 0D 02 07
+Comment = RSADSI digestAlgorithm
+Description =
hmacWithSHA1 (1 2 840 113549 2 7)
+
+# RSADSI encryption algorithms
+
+OID = 06 07 2A 86 48 86 F7 0D 03
+Description = encryptionAlgorithm
+
+OID = 06 08 2A 86 48 86 F7 0D 03 02
+Comment = RSADSI encryptionAlgorithm
+Description = rc2CBC (1 2 840 113549 3 2)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 03
+Comment = RSADSI encryptionAlgorithm
+Description = rc2ECB (1 2 840 113549 3 3)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 04
+Comment = RSADSI encryptionAlgorithm
+Description = rc4 (1 2 840 113549 3 4)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 05
+Comment = RSADSI encryptionAlgorithm
+Description = rc4WithMAC (1 2 840 113549 3 5)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 06
+Comment = RSADSI encryptionAlgorithm
+Description = desx-CBC (1 2 840 113549 3 6)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 07
+Comment = RSADSI encryptionAlgorithm
+Description = des-EDE3-CBC (1 2 840 113549 3 7)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 08
+Comment = RSADSI encryptionAlgorithm
+Description = rc5CBC (1 2 840 113549 3 8)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 09
+Comment = RSADSI encryptionAlgorithm
+Description = rc5-CBCPad (1 2 840 113549 3 9)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 0A
+Comment = RSADSI encryptionAlgorithm.
Formerly called CDMFCBCPad
+Description = desCDMF (1 2 840 113549 3 10)
+
+# Identrus
+
+OID = 06 09 2A 86 48 86 FA 65 01 06 01
+Comment = Identrus
+Description = Identrus unknown policyIdentifier (1 2 840 114021 1 6 1)
+
+OID = 06 08 2A 86 48 86 FA 65 04 01
+Comment = Identrus
+Description = identrusOCSP (1 2 840 114021 4 1)
+
+# Microsoft (both 1 2 840 and 1 3 6 1 4 1 arcs)
+
+OID = 06 09 2A 86 48 86 F7 14 01 03 00
+Comment = Microsoft Exchange Server - object class
+Description = site-Addressing (1 2 840 113556 1 3 00)
+
+OID = 06 09 2A 86 48 86 F7 14 01 03 0D
+Comment = Microsoft Exchange Server - object class
+Description = classSchema (1 2 840 113556 1 3 13)
+
+OID = 06 09 2A 86 48 86 F7 14 01 03 0E
+Comment = Microsoft Exchange Server - object class
+Description = attributeSchema (1 2 840 113556 1 3 14)
+
+OID = 06 09 2A 86 48 86 F7 14 01 03 11
+Comment = Microsoft Exchange Server - object class
+Description = mailbox-Agent (1 2 840 113556 1 3 174)
+
+OID = 06 09 2A 86 48 86 F7 14 01 03 16
+Comment = Microsoft Exchange Server - object class
+Description = mailbox (1 2 840 113556 1 3 22)
+
+OID = 06 09 2A 86 48 86 F7 14 01 03 17
+Comment = Microsoft Exchange Server - object class
+Description = container (1 2 840 113556 1 3 23)
+
+OID = 06 09 2A 86 48 86 F7 14 01 03 2E
+Comment = Microsoft Exchange Server - object class
+Description = mailRecipient (1 2 840 113556 1 3 46)
+
+OID = 06 09 2A 86 48 86 F7 14 01 02 81 71
+Comment = Microsoft Exchange Server - attribute
+Description = deliveryMechanism (1 2 840 113556 1 2 241)
+
+OID = 06 08 2A 86 48 86 F7 14 04 03
+Comment = Microsoft
+Description = microsoftExcel (1 2 840 113556 4 3)
+
+OID = 06 08 2A 86 48 86 F7 14 04 04
+Comment = Microsoft
+Description = titledWithOID (1 2 840 113556 4 4)
+
+OID = 06 08 2A 86 48 86 F7 14 04 05
+Comment = Microsoft
+Description = microsoftPowerPoint (1 2 840 113556 4 5)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 04
+Comment = Microsoft code signing
+Description =
spcIndirectDataContext (1 3 6 1 4 1 311 2 1 4)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 0A
+Comment = Microsoft code signing. Also known as policyLink
+Description = spcAgencyInfo (1 3 6 1 4 1 311 2 1 10)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 0B
+Comment = Microsoft code signing
+Description = spcStatementType (1 3 6 1 4 1 311 2 1 11)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 0C
+Comment = Microsoft code signing
+Description = spcSpOpusInfo (1 3 6 1 4 1 311 2 1 12)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 0E
+Comment = Microsoft
+Description = certReqExtensions (1 3 6 1 4 1 311 2 1 14)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 0F
+Comment = Microsoft code signing
+Description = spcPEImageData (1 3 6 1 4 1 311 2 1 15)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 12
+Comment = Microsoft code signing
+Description = spcRawFileData (1 3 6 1 4 1 311 2 1 18)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 13
+Comment = Microsoft code signing
+Description = spcStructuredStorageData (1 3 6 1 4 1 311 2 1 19)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 14
+Comment = Microsoft code signing. Formerly "link extension" aka "glue extension"
+Description = spcJavaClassData (type 1) (1 3 6 1 4 1 311 2 1 20)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 15
+Comment = Microsoft
+Description = individualCodeSigning (1 3 6 1 4 1 311 2 1 21)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 16
+Comment = Microsoft
+Description = commercialCodeSigning (1 3 6 1 4 1 311 2 1 22)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 19
+Comment = Microsoft code signing. Also known as "glue extension"
+Description = spcLink (type 2) (1 3 6 1 4 1 311 2 1 25)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 1A
+Comment = Microsoft code signing
+Description = spcMinimalCriteriaInfo (1 3 6 1 4 1 311 2 1 26)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 1B
+Comment = Microsoft code signing
+Description = spcFinancialCriteriaInfo (1 3 6 1 4 1 311 2 1 27)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 1C
+Comment = Microsoft code signing.
Also known as "glue extension"
+Description = spcLink (type 3) (1 3 6 1 4 1 311 2 1 28)
+
+OID = 06 0A 2B 06 01 04 01 82 37 03 02 01
+Comment = Microsoft code signing
+Description = timestampRequest (1 3 6 1 4 1 311 3 2 1)
+
+OID = 06 09 2B 06 01 04 01 82 37 0A 01
+Comment = Microsoft PKCS #7 contentType
+Description = certTrustList (1 3 6 1 4 1 311 10 1)
+
+OID = 06 09 2B 06 01 04 01 82 37 0A 02
+Comment = Microsoft
+Description = nextUpdateLocation (1 3 6 1 4 1 311 10 2)
+
+OID = 06 0A 2B 06 01 04 01 82 37 0A 03 01
+Comment = Microsoft enhanced key usage
+Description = certTrustListSigning (1 3 6 1 4 1 311 10 3 1)
+
+OID = 06 0A 2B 06 01 04 01 82 37 0A 03 02
+Comment = Microsoft enhanced key usage
+Description = timeStampSigning (1 3 6 1 4 1 311 10 3 2)
+
+OID = 06 0A 2B 06 01 04 01 82 37 0A 03 03
+Comment = Microsoft enhanced key usage
+Description = serverGatedCrypto (1 3 6 1 4 1 311 10 3 3)
+
+OID = 06 0A 2B 06 01 04 01 82 37 0A 03 04
+Comment = Microsoft enhanced key usage
+Description = encryptedFileSystem (1 3 6 1 4 1 311 10 3 4)
+
+OID = 06 0A 2B 06 01 04 01 82 37 0A 04 01
+Comment = Microsoft attribute
+Description = yesnoTrustAttr (1 3 6 1 4 1 311 10 4 1)
+
+# CAPI cert enrolment CSP, contains a BMPString describing the CAPI level and
+# a BIT STRING blob containing a key spec
+OID = 06 0A 2B 06 01 04 01 82 37 0D 02 02
+Comment = Microsoft attribute
+Description = enrolmentCSP (1 3 6 1 4 1 311 13 2 2)
+
+# Windows OS version
+OID = 06 0A 2B 06 01 04 01 82 37 0D 02 03
+Comment = Microsoft attribute
+Description = osVersion (1 3 6 1 4 1 311 13 2 3)
+
+# This is just the normal issuerAndSerialNumber but with a MS-specific OID.
+# Apparently it's used for CryptEncode/DecodeObject, whatever that is.
+OID = 06 09 2B 06 01 04 01 82 37 10 04
+Comment = Microsoft attribute
+Description = microsoftRecipientInfo (1 3 6 1 4 1 311 16 4)
+
+# Win2K CA certificate key/cert counter, high 16 bits = key index, low 16 bits
+# = cert index.
Key index is inc'd when a CA gets a new key, cert index is
+# inc'd when a CA gets a new cert (ie recertifies a current key). This
+# extension has two purposes, as a hint to rebuild key/cert lists when a Win2K
+# CA is restored, and as a poster boy for the kind of crap that people are
+# shovelling into certs which has no place there
+OID = 06 09 2B 06 01 04 01 82 37 15 01
+Comment = Microsoft attribute
+Description = cAKeyCertIndexPair (1 3 6 1 4 1 311 21 1)
+
+OID = 06 09 2B 06 01 04 01 82 37 15 02
+Comment = Microsoft CAPICOM certificate template, V1
+Description = enrollCerttypeExtension (1 3 6 1 4 1 311 20 2)
+
+OID = 06 09 2B 06 01 04 01 82 37 15 07
+Comment = Microsoft CAPICOM certificate template, V2
+Description = certificateTemplate (1 3 6 1 4 1 311 21 7)
+
+# This one is at least as bad as cAKeyCertIndexPair: The first part of
+# the arc, 1 3 6 1 4 1 311 21 8, is fixed, then 6 32-bit values are
+# randomly generated and appended to create the full semi-random OID.
+# Obviously it's not possible to usefull display these things...
+# Comment = Microsoft braindamage
+# Description = autoEnrollEFS (1 3 6 1 4 1 311 21 8 x x x x x x)
+
+# CAPICOM original filename (something to do with signed files?)
+OID = 06 0A 2B 06 01 04 01 82 37 58 02 01
+Comment = Microsoft attribute
+Description = originalFilename (1 3 6 1 4 1 311 88 2 1)
+
+# Ascom Systech
+
+OID = 06 0A 2B 06 01 04 01 81 3C 07 01 01
+Comment = Ascom Systech
+Description = ascom (1 3 6 1 4 1 188 7 1 1)
+
+OID = 06 0B 2B 06 01 04 01 81 3C 07 01 01 01
+Comment = Ascom Systech
+Description = ideaECB (1 3 6 1 4 1 188 7 1 1 1)
+
+OID = 06 0B 2B 06 01 04 01 81 3C 07 01 01 02
+Comment = Ascom Systech
+Description = ideaCBC (1 3 6 1 4 1 188 7 1 1 2)
+
+OID = 06 0B 2B 06 01 04 01 81 3C 07 01 01 03
+Comment = Ascom Systech
+Description = ideaCFB (1 3 6 1 4 1 188 7 1 1 3)
+
+OID = 06 0B 2B 06 01 04 01 81 3C 07 01 01 04
+Comment = Ascom Systech
+Description = ideaOFB (1 3 6 1 4 1 188 7 1 1 4)
+
+# UNINETT
+
+OID = 06 0A 2B 06 01 04 01 92 7C 0A 01 01
+Comment = UNINETT PCA
+Description = UNINETT policyIdentifier (1 3 6 1 4 1 2428 10 1 1)
+
+# ICE-TEL
+
+OID = 06 08 2B 06 01 04 01 95 18 0A
+Comment = ICE-TEL CA
+Description = ICE-TEL policyIdentifier (1 3 6 1 4 1 2712 10)
+
+OID = 06 0A 2B 06 01 04 01 95 62 01 01 01
+Comment = ICE-TEL CA policy
+Description = ICE-TEL Italian policyIdentifier (1 3 6 1 4 1 2786 1 1 1)
+
+# cryptlib
+
+OID = 06 0A 2B 06 01 04 01 97 55 01 01 01
+Comment = cryptlib encryption algorithm
+Description = blowfishECB (1 3 6 1 4 1 3029 1 1 1)
+
+OID = 06 0A 2B 06 01 04 01 97 55 01 01 02
+Comment = cryptlib encryption algorithm
+Description = blowfishCBC (1 3 6 1 4 1 3029 1 1 2)
+
+OID = 06 0A 2B 06 01 04 01 97 55 01 01 03
+Comment = cryptlib encryption algorithm
+Description = blowfishCFB (1 3 6 1 4 1 3029 1 1 3)
+
+OID = 06 0A 2B 06 01 04 01 97 55 01 01 04
+Comment = cryptlib encryption algorithm
+Description = blowfishOFB (1 3 6 1 4 1 3029 1 1 4)
+
+OID = 06 0A 2B 06 01 04 01 97 55 01 02 01
+Comment = cryptlib public-key algorithm
+Description = elgamal (1 3 6 1 4 1 3029 1 2 1)
+
+OID = 06 0B 2B 06 01 04 01 97 55 01 02 01 01
+Comment = cryptlib public-key algorithm
+Description = 
elgamalWithSHA-1 (1 3 6 1 4 1 3029 1 2 1 1)
+
+OID = 06 0B 2B 06 01 04 01 97 55 01 02 01 02
+Comment = cryptlib public-key algorithm
+Description = elgamalWithRIPEMD-160 (1 3 6 1 4 1 3029 1 2 1 2)
+
+OID = 06 0A 2B 06 01 04 01 97 55 03 01 01
+Comment = cryptlib attribute type
+Description = cryptlibPresenceCheck (1 3 6 1 4 1 3029 3 1 1)
+
+OID = 06 0A 2B 06 01 04 01 97 55 03 01 02
+Comment = cryptlib attribute type
+Description = pkiBoot (1 3 6 1 4 1 3029 3 1 2)
+
+OID = 06 0A 2B 06 01 04 01 97 55 03 01 04
+Comment = cryptlib attribute type
+Description = crlExtReason (1 3 6 1 4 1 3029 3 1 4)
+
+OID = 06 0A 2B 06 01 04 01 97 55 03 01 05
+Comment = cryptlib attribute type
+Description = keyFeatures (1 3 6 1 4 1 3029 3 1 5)
+
+OID = 06 09 2B 06 01 04 01 97 55 04 01
+Comment = cryptlib
+Description = cryptlibContent (1 3 6 1 4 1 3029 4 1)
+
+OID = 06 0A 2B 06 01 04 01 97 55 04 01 01
+Comment = cryptlib content type
+Description = cryptlibConfigData (1 3 6 1 4 1 3029 4 1 1)
+
+OID = 06 0A 2B 06 01 04 01 97 55 04 01 02
+Comment = cryptlib content type
+Description = cryptlibUserIndex (1 3 6 1 4 1 3029 4 1 2)
+
+OID = 06 0A 2B 06 01 04 01 97 55 04 01 03
+Comment = cryptlib content type
+Description = cryptlibUserInfo (1 3 6 1 4 1 3029 4 1 3)
+
+OID = 06 0A 2B 06 01 04 01 97 55 04 01 04
+Comment = cryptlib content type
+Description = rtcsRequest (1 3 6 1 4 1 3029 4 1 4)
+
+OID = 06 0A 2B 06 01 04 01 97 55 04 01 05
+Comment = cryptlib content type
+Description = rtcsResponse (1 3 6 1 4 1 3029 4 1 5)
+
+OID = 06 0A 2B 06 01 04 01 97 55 04 01 06
+Comment = cryptlib content type
+Description = rtcsResponseExt (1 3 6 1 4 1 3029 4 1 6)
+
+OID = 06 0B 2B 06 01 04 01 97 55 2A D7 24 01
+Comment = cryptlib special MPEG-of-cat OID
+Description = mpeg-1 (1 3 6 1 4 1 3029 42 11172 1)
+
+OID = 06 0C 2B 06 01 04 01 97 55 58 59 5A 5A 59
+Comment = cryptlib certificate policy
+Description = xYZZY policyIdentifier (1 3 6 1 4 1 3029 88 89 90 90 89)
+
+# PGP Inc.
+
+OID = 06 0A 2B 06 01 04 01 9A 49 08 01 01
+Comment = PGP key information
+Description = pgpExtension (1 3 6 1 4 1 3401 8 1 1)
+
+# EDI messaging for TMN Interactive Agents
+
+OID = 06 08 2B 06 01 04 01 9B 78 07
+Comment = TMN EDI for Interactive Agents
+Description = eciaAscX12Edi (1 3 6 1 4 1 3576 7)
+
+OID = 06 09 2B 06 01 04 01 9B 78 07 01
+Comment = TMN EDI for Interactive Agents
+Description = plainEDImessage (1 3 6 1 4 1 3576 7 1)
+
+OID = 06 09 2B 06 01 04 01 9B 78 07 02
+Comment = TMN EDI for Interactive Agents
+Description = signedEDImessage (1 3 6 1 4 1 3576 7 2)
+
+OID = 06 09 2B 06 01 04 01 9B 78 07 05
+Comment = TMN EDI for Interactive Agents
+Description = integrityEDImessage (1 3 6 1 4 1 3576 7 5)
+
+OID = 06 09 2B 06 01 04 01 9B 78 07 41
+Comment = TMN EDI for Interactive Agents
+Description = iaReceiptMessage (1 3 6 1 4 1 3576 7 65)
+
+OID = 06 09 2B 06 01 04 01 9B 78 07 61
+Comment = TMN EDI for Interactive Agents
+Description = iaStatusMessage (1 3 6 1 4 1 3576 7 97)
+
+OID = 06 08 2B 06 01 04 01 9B 78 08
+Comment = TMN EDI for Interactive Agents
+Description = eciaEdifact (1 3 6 1 4 1 3576 8)
+
+OID = 06 08 2B 06 01 04 01 9B 78 09
+Comment = TMN EDI for Interactive Agents
+Description = eciaNonEdi (1 3 6 1 4 1 3576 9)
+
+# Timeproof (www.timeproof.de)
+
+OID = 06 09 2B 06 01 04 01 AA 60
+Comment = enterprise
+Description = timeproof (1 3 6 1 4 1 5472)
+
+OID = 06 09 2B 06 01 04 01 AA 60 01
+Comment = timeproof
+Description = tss (1 3 6 1 4 1 5472 1)
+
+OID = 06 09 2B 06 01 04 01 AA 60 01 01
+Comment = timeproof TSS
+Description = tss80 (1 3 6 1 4 1 5472 1 1)
+
+OID = 06 09 2B 06 01 04 01 AA 60 01 01
+Comment = timeproof TSS
+Description = tss380 (1 3 6 1 4 1 5472 1 2)
+
+OID = 06 09 2B 06 01 04 01 AA 60 01 01
+Comment = timeproof TSS
+Description = tss400 (1 3 6 1 4 1 5472 1 3)
+
+# MEDePass
+
+OID = 06 09 2B 06 01 04 01 AD 0A 00 03
+Comment = MEDePass
+Description = secondaryPractices (1 3 6 1 4 1 5770 0 3)
+
+OID = 06 09 2B 06 01 04 01 AD 
0A 00 04
+Comment = MEDePass
+Description = physicianIdentifiers (1 3 6 1 4 1 5770 0 4)
+
+# Comodo CA
+
+OID = 06 0C 2B 06 01 04 01 B2 31 01 02 01 03 01
+Comment = Comodo CA
+Description = comodoPolicy (1 3 6 1 4 1 6449 1 2 1 3 1)
+
+# Chilean Government
+
+OID = 06 08 2B 06 01 04 01 C0 27 01
+Comment = Chilean Government national unique roll number
+Description = rolUnicoNacional (1 3 6 1 4 1 8231 1)
+
+# GNU Project
+
+OID = 06 07 2B 06 01 04 01 DA 47
+Comment = GNU Project (see http://www.gnupg.org/oids.html)
+Description = gnu (1 3 6 1 4 1 11591)
+
+OID = 06 08 2B 06 01 04 01 DA 47 01
+Comment = GNU Radius
+Description = gnu-radius (1 3 6 1 4 1 11591 1)
+
+OID = 06 08 2B 06 01 04 01 DA 47 03
+Comment = GNU Radar
+Description = gnu-radar (1 3 6 1 4 1 11591 3)
+
+OID = 06 08 2B 06 01 04 01 DA 47 0C
+Comment = GNU digest algorithm
+Description = gnuDigestAlgorithm (1 3 6 1 4 1 11591 12)
+
+OID = 06 09 2B 06 01 04 01 DA 47 0C 02
+Comment = GNU digest algorithm
+Description = tiger (1 3 6 1 4 1 11591 12 2)
+
+OID = 06 08 2B 06 01 04 01 DA 47 0D
+Comment = GNU encryption algorithm
+Description = gnuEncryptionAlgorithm (1 3 6 1 4 1 11591 13)
+
+OID = 06 09 2B 06 01 04 01 DA 47 0D 02
+Comment = GNU encryption algorithm
+Description = serpent (1 3 6 1 4 1 11591 13 2)
+
+OID = 06 0A 2B 06 01 04 01 DA 47 0D 02 01
+Comment = GNU encryption algorithm
+Description = serpent128-ECB (1 3 6 1 4 1 11591 13 2 1)
+
+OID = 06 0A 2B 06 01 04 01 DA 47 0D 02 02
+Comment = GNU encryption algorithm
+Description = serpent128-CBC (1 3 6 1 4 1 11591 13 2 2)
+
+OID = 06 0A 2B 06 01 04 01 DA 47 0D 02 03
+Comment = GNU encryption algorithm
+Description = serpent128-OFB (1 3 6 1 4 1 11591 13 2 3)
+
+OID = 06 0A 2B 06 01 04 01 DA 47 0D 02 04
+Comment = GNU encryption algorithm
+Description = serpent128-CFB (1 3 6 1 4 1 11591 13 2 4)
+
+OID = 06 0A 2B 06 01 04 01 DA 47 0D 02 15
+Comment = GNU encryption algorithm
+Description = serpent192-ECB (1 3 6 1 4 1 11591 13 2 21)
+
+OID = 06 0A 2B 06 01 
04 01 DA 47 0D 02 16
+Comment = GNU encryption algorithm
+Description = serpent192-CBC (1 3 6 1 4 1 11591 13 2 22)
+
+OID = 06 0A 2B 06 01 04 01 DA 47 0D 02 17
+Comment = GNU encryption algorithm
+Description = serpent192-OFB (1 3 6 1 4 1 11591 13 2 23)
+
+OID = 06 0A 2B 06 01 04 01 DA 47 0D 02 18
+Comment = GNU encryption algorithm
+Description = serpent192-CFB (1 3 6 1 4 1 11591 13 2 24)
+
+OID = 06 0A 2B 06 01 04 01 DA 47 0D 02 29
+Comment = GNU encryption algorithm
+Description = serpent256-ECB (1 3 6 1 4 1 11591 13 2 41)
+
+OID = 06 0A 2B 06 01 04 01 DA 47 0D 02 2A
+Comment = GNU encryption algorithm
+Description = serpent256-CBC (1 3 6 1 4 1 11591 13 2 42)
+
+OID = 06 0A 2B 06 01 04 01 DA 47 0D 02 2B
+Comment = GNU encryption algorithm
+Description = serpent256-OFB (1 3 6 1 4 1 11591 13 2 43)
+
+OID = 06 0A 2B 06 01 04 01 DA 47 0D 02 2C
+Comment = GNU encryption algorithm
+Description = serpent256-CFB (1 3 6 1 4 1 11591 13 2 44)
+
+# Northrop Grumman Mission Systems
+
+OID = 06 0B 2B 06 01 04 01 FF 4E 83 7D 01 01
+Comment = Northrop Grumman extended key usage
+Description = Northrop Grumman extKeyUsage? 
(1 3 6 1 4 1 16334 509 1 1)
+
+OID = 06 0B 2B 06 01 04 01 FF 4E 83 7D 02 01
+Comment = Northrop Grumman policy
+Description = ngcClass1 (1 3 6 1 4 1 16334 509 2 1)
+
+OID = 06 0B 2B 06 01 04 01 FF 4E 83 7D 02 02
+Comment = Northrop Grumman policy
+Description = ngcClass2 (1 3 6 1 4 1 16334 509 2 2)
+
+OID = 06 0B 2B 06 01 04 01 FF 4E 83 7D 02 03
+Comment = Northrop Grumman policy
+Description = ngcClass3 (1 3 6 1 4 1 16334 509 2 3)
+
+# PKIX
+
+OID = 06 06 2B 06 01 05 05 07
+Description = pkix (1 3 6 1 5 5 7)
+
+OID = 06 06 2B 06 01 05 05 07
+Comment = PKIX
+Description = attributeCert (1 3 6 1 5 5 7 0 12)
+
+OID = 06 07 2B 06 01 05 05 07 01
+Comment = PKIX
+Description = privateExtension (1 3 6 1 5 5 7 1)
+
+OID = 06 08 2B 06 01 05 05 07 01 01
+Comment = PKIX private extension
+Description = authorityInfoAccess (1 3 6 1 5 5 7 1 1)
+
+OID = 06 08 2B 06 01 05 05 07 01 02
+Comment = PKIX private extension
+Description = biometricInfo (1 3 6 1 5 5 7 1 2)
+
+OID = 06 08 2B 06 01 05 05 07 01 03
+Comment = PKIX private extension
+Description = qcStatements (1 3 6 1 5 5 7 1 3)
+
+OID = 06 08 2B 06 01 05 05 07 01 04
+Comment = PKIX private extension
+Description = acAuditIdentity (1 3 6 1 5 5 7 1 4)
+
+OID = 06 08 2B 06 01 05 05 07 01 05
+Comment = PKIX private extension
+Description = acTargeting (1 3 6 1 5 5 7 1 5)
+
+OID = 06 08 2B 06 01 05 05 07 01 06
+Comment = PKIX private extension
+Description = acAaControls (1 3 6 1 5 5 7 1 6)
+
+OID = 06 08 2B 06 01 05 05 07 01 07
+Comment = PKIX private extension
+Description = sbgp-ipAddrBlock (1 3 6 1 5 5 7 1 7)
+
+OID = 06 08 2B 06 01 05 05 07 01 08
+Comment = PKIX private extension
+Description = sbgp-autonomousSysNum (1 3 6 1 5 5 7 1 8)
+
+OID = 06 08 2B 06 01 05 05 07 01 09
+Comment = PKIX private extension
+Description = sbgp-routerIdentifier (1 3 6 1 5 5 7 1 9)
+
+OID = 06 08 2B 06 01 05 05 07 01 0A
+Comment = PKIX private extension
+Description = acProxying (1 3 6 1 5 5 7 1 10)
+
+OID = 06 08 2B 06 01 05 05 07 01 0B
+Comment = PKIX private extension
+Description = subjectInfoAccess (1 3 6 1 5 5 7 1 11)
+
+OID = 06 07 2B 06 01 05 05 07 02
+Comment = PKIX
+Description = policyQualifierIds (1 3 6 1 5 5 7 2)
+
+OID = 06 08 2B 06 01 05 05 07 02 01
+Comment = PKIX policy qualifier
+Description = cps (1 3 6 1 5 5 7 2 1)
+
+OID = 06 08 2B 06 01 05 05 07 02 02
+Comment = PKIX policy qualifier
+Description = unotice (1 3 6 1 5 5 7 2 2)
+
+OID = 06 08 2B 06 01 05 05 07 02 03
+Comment = PKIX policy qualifier
+Description = textNotice (1 3 6 1 5 5 7 2 3)
+
+OID = 06 07 2B 06 01 05 05 07 03
+Comment = PKIX
+Description = keyPurpose (1 3 6 1 5 5 7 3)
+
+OID = 06 08 2B 06 01 05 05 07 03 01
+Comment = PKIX key purpose
+Description = serverAuth (1 3 6 1 5 5 7 3 1)
+
+OID = 06 08 2B 06 01 05 05 07 03 02
+Comment = PKIX key purpose
+Description = clientAuth (1 3 6 1 5 5 7 3 2)
+
+OID = 06 08 2B 06 01 05 05 07 03 03
+Comment = PKIX key purpose
+Description = codeSigning (1 3 6 1 5 5 7 3 3)
+
+OID = 06 08 2B 06 01 05 05 07 03 04
+Comment = PKIX key purpose
+Description = emailProtection (1 3 6 1 5 5 7 3 4)
+
+OID = 06 08 2B 06 01 05 05 07 03 05
+Comment = PKIX key purpose
+Description = ipsecEndSystem (1 3 6 1 5 5 7 3 5)
+
+OID = 06 08 2B 06 01 05 05 07 03 06
+Comment = PKIX key purpose
+Description = ipsecTunnel (1 3 6 1 5 5 7 3 6)
+
+OID = 06 08 2B 06 01 05 05 07 03 07
+Comment = PKIX key purpose
+Description = ipsecUser (1 3 6 1 5 5 7 3 7)
+
+OID = 06 08 2B 06 01 05 05 07 03 08
+Comment = PKIX key purpose
+Description = timeStamping (1 3 6 1 5 5 7 3 8)
+
+OID = 06 08 2B 06 01 05 05 07 03 09
+Comment = PKIX key purpose
+Description = ocspSigning (1 3 6 1 5 5 7 3 9)
+
+OID = 06 08 2B 06 01 05 05 07 03 0A
+Comment = PKIX key purpose
+Description = dvcs (1 3 6 1 5 5 7 3 10)
+
+OID = 06 08 2B 06 01 05 05 07 03 0B
+Comment = PKIX key purpose
+Description = sbgpCertAAServerAuth (1 3 6 1 5 5 7 3 11)
+
+OID = 06 08 2B 06 01 05 05 07 03 0D
+Comment = PKIX key purpose
+Description = eapOverPPP (1 3 6 1 5 5 
7 3 13)
+
+OID = 06 08 2B 06 01 05 05 07 03 0E
+Comment = PKIX key purpose
+Description = wlanSSID (1 3 6 1 5 5 7 3 14)
+
+OID = 06 07 2B 06 01 05 05 07 04
+Comment = PKIX
+Description = cmpInformationTypes (1 3 6 1 5 5 7 4)
+
+OID = 06 08 2B 06 01 05 05 07 04 01
+Comment = PKIX CMP information
+Description = caProtEncCert (1 3 6 1 5 5 7 4 1)
+
+OID = 06 08 2B 06 01 05 05 07 04 02
+Comment = PKIX CMP information
+Description = signKeyPairTypes (1 3 6 1 5 5 7 4 2)
+
+OID = 06 08 2B 06 01 05 05 07 04 03
+Comment = PKIX CMP information
+Description = encKeyPairTypes (1 3 6 1 5 5 7 4 3)
+
+OID = 06 08 2B 06 01 05 05 07 04 04
+Comment = PKIX CMP information
+Description = preferredSymmAlg (1 3 6 1 5 5 7 4 4)
+
+OID = 06 08 2B 06 01 05 05 07 04 05
+Comment = PKIX CMP information
+Description = caKeyUpdateInfo (1 3 6 1 5 5 7 4 5)
+
+OID = 06 08 2B 06 01 05 05 07 04 06
+Comment = PKIX CMP information
+Description = currentCRL (1 3 6 1 5 5 7 4 6)
+
+OID = 06 08 2B 06 01 05 05 07 04 07
+Comment = PKIX CMP information
+Description = unsupportedOIDs (1 3 6 1 5 5 7 4 7)
+
+OID = 06 08 2B 06 01 05 05 07 04 0A
+Comment = PKIX CMP information
+Description = keyPairParamReq (1 3 6 1 5 5 7 4 10)
+
+OID = 06 08 2B 06 01 05 05 07 04 0B
+Comment = PKIX CMP information
+Description = keyPairParamRep (1 3 6 1 5 5 7 4 11)
+
+OID = 06 08 2B 06 01 05 05 07 04 0C
+Comment = PKIX CMP information
+Description = revPassphrase (1 3 6 1 5 5 7 4 12)
+
+OID = 06 08 2B 06 01 05 05 07 04 0D
+Comment = PKIX CMP information
+Description = implicitConfirm (1 3 6 1 5 5 7 4 13)
+
+OID = 06 08 2B 06 01 05 05 07 04 0E
+Comment = PKIX CMP information
+Description = confirmWaitTime (1 3 6 1 5 5 7 4 14)
+
+OID = 06 08 2B 06 01 05 05 07 04 0F
+Comment = PKIX CMP information
+Description = origPKIMessage (1 3 6 1 5 5 7 4 15)
+
+OID = 06 08 2B 06 01 05 05 07 04 10
+Comment = PKIX CMP information
+Description = suppLangTags (1 3 6 1 5 5 7 4 16)
+
+OID = 06 07 2B 06 01 05 05 07 05
+Comment = PKIX
+Description = 
crmfRegistration (1 3 6 1 5 5 7 5)
+
+OID = 06 08 2B 06 01 05 05 07 05 01
+Comment = PKIX CRMF registration
+Description = regCtrl (1 3 6 1 5 5 7 5 1)
+
+OID = 06 09 2B 06 01 05 05 07 05 01 01
+Comment = PKIX CRMF registration control
+Description = regToken (1 3 6 1 5 5 7 5 1 1)
+
+OID = 06 09 2B 06 01 05 05 07 05 01 02
+Comment = PKIX CRMF registration control
+Description = authenticator (1 3 6 1 5 5 7 5 1 2)
+
+OID = 06 09 2B 06 01 05 05 07 05 01 03
+Comment = PKIX CRMF registration control
+Description = pkiPublicationInfo (1 3 6 1 5 5 7 5 1 3)
+
+OID = 06 09 2B 06 01 05 05 07 05 01 04
+Comment = PKIX CRMF registration control
+Description = pkiArchiveOptions (1 3 6 1 5 5 7 5 1 4)
+
+OID = 06 09 2B 06 01 05 05 07 05 01 05
+Comment = PKIX CRMF registration control
+Description = oldCertID (1 3 6 1 5 5 7 5 1 5)
+
+OID = 06 09 2B 06 01 05 05 07 05 01 06
+Comment = PKIX CRMF registration control
+Description = protocolEncrKey (1 3 6 1 5 5 7 5 1 6)
+
+OID = 06 09 2B 06 01 05 05 07 05 01 07
+Comment = PKIX CRMF registration control
+Description = altCertTemplate(1 3 6 1 5 5 7 5 1 7)
+
+OID = 06 09 2B 06 01 05 05 07 05 01 08
+Comment = PKIX CRMF registration control
+Description = wtlsTemplate (1 3 6 1 5 5 7 5 1 8)
+
+OID = 06 08 2B 06 01 05 05 07 05 02
+Comment = PKIX CRMF registration
+Description = (1 3 6 1 5 5 7 5 2)
+
+OID = 06 09 2B 06 01 05 05 07 05 02 01
+Comment = PKIX CRMF registration control
+Description = utf8Pairs (1 3 6 1 5 5 7 5 2 1)
+
+OID = 06 09 2B 06 01 05 05 07 05 02 02
+Comment = PKIX CRMF registration control
+Description = certReq (1 3 6 1 5 5 7 5 2 2)
+
+OID = 06 07 2B 06 01 05 05 07 06
+Comment = PKIX
+Description = algorithms (1 3 6 1 5 5 7 6)
+
+OID = 06 08 2B 06 01 05 05 07 06 01
+Comment = PKIX algorithm
+Description = des40 (1 3 6 1 5 5 7 6 1)
+
+OID = 06 08 2B 06 01 05 05 07 06 02
+Comment = PKIX algorithm
+Description = noSignature (1 3 6 1 5 5 7 6 2)
+
+OID = 06 08 2B 06 01 05 05 07 06 03
+Comment = PKIX algorithm
+Description = 
dh-sig-hmac-sha1 (1 3 6 1 5 5 7 6 3)
+
+OID = 06 08 2B 06 01 05 05 07 06 04
+Comment = PKIX algorithm
+Description = dh-pop (1 3 6 1 5 5 7 6 4)
+
+OID = 06 07 2B 06 01 05 05 07 07
+Comment = PKIX
+Description = cmcControls (1 3 6 1 5 5 7 7)
+
+OID = 06 07 2B 06 01 05 05 07 08
+Comment = PKIX
+Description = otherNames (1 3 6 1 5 5 7 8)
+
+OID = 06 08 2B 06 01 05 05 07 08 01
+Comment = PKIX other name
+Description = personalData (1 3 6 1 5 5 7 8 1)
+
+OID = 06 08 2B 06 01 05 05 07 08 02
+Comment = PKIX other name
+Description = userGroup (1 3 6 1 5 5 7 8 2)
+
+OID = 06 07 2B 06 01 05 05 07 09
+Comment = PKIX qualified certificates
+Description = personalData (1 3 6 1 5 5 7 9)
+
+OID = 06 08 2B 06 01 05 05 07 09 01
+Comment = PKIX personal data
+Description = dateOfBirth (1 3 6 1 5 5 7 9 1)
+
+OID = 06 08 2B 06 01 05 05 07 09 02
+Comment = PKIX personal data
+Description = placeOfBirth (1 3 6 1 5 5 7 9 2)
+
+OID = 06 08 2B 06 01 05 05 07 09 03
+Comment = PKIX personal data
+Description = gender (1 3 6 1 5 5 7 9 3)
+
+OID = 06 08 2B 06 01 05 05 07 09 04
+Comment = PKIX personal data
+Description = countryOfCitizenship (1 3 6 1 5 5 7 9 4)
+
+OID = 06 08 2B 06 01 05 05 07 09 05
+Comment = PKIX personal data
+Description = countryOfResidence (1 3 6 1 5 5 7 9 5)
+
+OID = 06 07 2B 06 01 05 05 07 0A
+Comment = PKIX
+Description = attributeCertificate (1 3 6 1 5 5 7 10)
+
+OID = 06 08 2B 06 01 05 05 07 0A 01
+Comment = PKIX attribute certificate extension
+Description = authenticationInfo (1 3 6 1 5 5 7 10 1)
+
+OID = 06 08 2B 06 01 05 05 07 0A 02
+Comment = PKIX attribute certificate extension
+Description = accessIdentity (1 3 6 1 5 5 7 10 2)
+
+OID = 06 08 2B 06 01 05 05 07 0A 03
+Comment = PKIX attribute certificate extension
+Description = chargingIdentity (1 3 6 1 5 5 7 10 3)
+
+OID = 06 08 2B 06 01 05 05 07 0A 04
+Comment = PKIX attribute certificate extension
+Description = group (1 3 6 1 5 5 7 10 4)
+
+OID = 06 08 2B 06 01 05 05 07 0A 05
+Comment = PKIX attribute 
certificate extension
+Description = role (1 3 6 1 5 5 7 10 5)
+
+OID = 06 08 2B 06 01 05 05 07 0A 06
+Comment = PKIX attribute certificate extension
+Description = encAttrs (1 3 6 1 5 5 7 10 6)
+
+OID = 06 07 2B 06 01 05 05 07 0B
+Comment = PKIX qualified certificates
+Description = personalData (1 3 6 1 5 5 7 11)
+
+OID = 06 08 2B 06 01 05 05 07 0B 01
+Comment = PKIX qualified certificates
+Description = pkixQCSyntax-v1 (1 3 6 1 5 5 7 11 1)
+
+# OCSP
+
+OID = 06 08 2B 06 01 05 05 07 30 01
+Comment = PKIX
+Description = ocsp (1 3 6 1 5 5 7 48 1)
+
+OID = 06 09 2B 06 01 05 05 07 30 01 01
+Comment = OCSP
+Description = ocspBasic (1 3 6 1 5 5 7 48 1 1)
+
+OID = 06 09 2B 06 01 05 05 07 30 01 02
+Comment = OCSP
+Description = ocspNonce (1 3 6 1 5 5 7 48 1 2)
+
+OID = 06 09 2B 06 01 05 05 07 30 01 03
+Comment = OCSP
+Description = ocspCRL (1 3 6 1 5 5 7 48 1 3)
+
+OID = 06 09 2B 06 01 05 05 07 30 01 04
+Comment = OCSP
+Description = ocspResponse (1 3 6 1 5 5 7 48 1 4)
+
+OID = 06 09 2B 06 01 05 05 07 30 01 05
+Comment = OCSP
+Description = ocspNoCheck (1 3 6 1 5 5 7 48 1 5)
+
+OID = 06 09 2B 06 01 05 05 07 30 01 06
+Comment = OCSP
+Description = ocspArchiveCutoff (1 3 6 1 5 5 7 48 1 6)
+
+OID = 06 09 2B 06 01 05 05 07 30 01 07
+Comment = OCSP
+Description = ocspServiceLocator (1 3 6 1 5 5 7 48 1 7)
+
+# Subject/AuthorityInfo types (OCSP is already listed above)
+
+OID = 06 08 2B 06 01 05 05 07 30 02
+Comment = PKIX subject/authority info access descriptor
+Description = caIssuers (1 3 6 1 5 5 7 48 2)
+
+OID = 06 08 2B 06 01 05 05 07 30 03
+Comment = PKIX subject/authority info access descriptor
+Description = timeStamping (1 3 6 1 5 5 7 48 3)
+
+OID = 06 08 2B 06 01 05 05 07 30 05
+Comment = PKIX subject/authority info access descriptor
+Description = caRepository (1 3 6 1 5 5 7 48 5)
+
+# ISAKMP
+
+OID = 06 08 2B 06 01 05 05 08 01 01
+Comment = ISAKMP HMAC algorithm
+Description = hmacMD5 (1 3 6 1 5 5 8 1 1)
+
+OID = 06 08 2B 06 01 05 05 08 01 02
+Comment = ISAKMP HMAC 
algorithm
+Description = hmacSHA (1 3 6 1 5 5 8 1 2)
+
+OID = 06 08 2B 06 01 05 05 08 01 03
+Comment = ISAKMP HMAC algorithm
+Description = hmacTiger (1 3 6 1 5 5 8 1 3)
+
+OID = 06 08 2B 06 01 05 05 08 02 02
+Comment = IKE ???
+Description = iKEIntermediate (1 3 6 1 5 5 8 2 2)
+
+# DEC (via ECMA)
+
+OID = 06 07 2B 0C 02 87 73 07 01
+Comment = DASS algorithm
+Description = decEncryptionAlgorithm (1 3 12 2 1011 7 1)
+
+OID = 06 08 2B 0C 02 87 73 07 01 02
+Comment = DASS encryption algorithm
+Description = decDEA (1 3 12 2 1011 7 1 2)
+
+OID = 06 07 2B 0C 02 87 73 07 02
+Comment = DASS algorithm
+Description = decHashAlgorithm (1 3 12 2 1011 7 2)
+
+OID = 06 07 2B 0C 02 87 73 07 02 01
+Comment = DASS hash algorithm
+Description = decMD2 (1 3 12 2 1011 7 2 1)
+
+OID = 06 07 2B 0C 02 87 73 07 02 02
+Comment = DASS hash algorithm
+Description = decMD4 (1 3 12 2 1011 7 2 2)
+
+OID = 06 07 2B 0C 02 87 73 07 03
+Comment = DASS algorithm
+Description = decSignatureAlgorithm (1 3 12 2 1011 7 3)
+
+OID = 06 07 2B 0C 02 87 73 07 03 01
+Comment = DASS signature algorithm
+Description = decMD2withRSA (1 3 12 2 1011 7 3 1)
+
+OID = 06 07 2B 0C 02 87 73 07 03 02
+Comment = DASS signature algorithm
+Description = decMD4withRSA (1 3 12 2 1011 7 3 2)
+
+OID = 06 07 2B 0C 02 87 73 07 03 03
+Comment = DASS signature algorithm
+Description = decDEAMAC (1 3 12 2 1011 7 3 3)
+
+# NIST Open Systems Environment (OSE) Implementor's Workshop (OIW),
+# specialising in oddball and partially-defunct OIDs
+
+OID = 06 05 2B 0E 02 1A 05
+Comment = Unsure about this OID
+Description = sha (1 3 14 2 26 5)
+
+OID = 06 06 2B 0E 03 02 01 01
+Comment = X.509. 
Unsure about this OID
+Description = rsa (1 3 14 3 2 1 1)
+
+OID = 06 05 2B 0E 03 02 02
+Comment = Oddball OIW OID
+Description = md4WitRSA (1 3 14 3 2 2)
+
+OID = 06 05 2B 0E 03 02 03
+Comment = Oddball OIW OID
+Description = md5WithRSA (1 3 14 3 2 3)
+
+OID = 06 05 2B 0E 03 02 04
+Comment = Oddball OIW OID
+Description = md4WithRSAEncryption (1 3 14 3 2 4)
+
+OID = 06 06 2B 0E 03 02 02 01
+Comment = X.509. Deprecated
+Description = sqmod-N (1 3 14 3 2 2 1)
+Warning
+
+OID = 06 06 2B 0E 03 02 03 01
+Comment = X.509. Deprecated
+Description = sqmod-NwithRSA (1 3 14 3 2 3 1)
+Warning
+
+OID = 06 05 2B 0E 03 02 06
+Description = desECB (1 3 14 3 2 6)
+
+OID = 06 05 2B 0E 03 02 07
+Description = desCBC (1 3 14 3 2 7)
+
+OID = 06 05 2B 0E 03 02 08
+Description = desOFB (1 3 14 3 2 8)
+
+OID = 06 05 2B 0E 03 02 09
+Description = desCFB (1 3 14 3 2 9)
+
+OID = 06 05 2B 0E 03 02 0A
+Description = desMAC (1 3 14 3 2 10)
+
+OID = 06 05 2B 0E 03 02 0B
+Comment = ISO 9796-2, also X9.31 Part 1
+Description = rsaSignature (1 3 14 3 2 11)
+
+OID = 06 05 2B 0E 03 02 0C
+Comment = OIW?, supposedly from an incomplete version of SDN.701 (doesn't match final SDN.701)
+Description = dsa (1 3 14 3 2 12)
+Warning
+
+OID = 06 05 2B 0E 03 02 0D
+Comment = Oddball OIW OID. Incorrectly used by JDK 1.1 in place of (1 3 14 3 2 27)
+# Their response was that they know it's wrong, but noone uses SHA0 so it won't
+# cause any problems, right?
+Description = dsaWithSHA (1 3 14 3 2 13)
+Warning
+
+# The various mdWithRSASignature OIDs are for the ANSI X9.31 draft and use
+# ISO 9796-2 padding rules. 
This work was derailed during the PKP brouhaha and
+# is still in progress (and probably will remain so)
+OID = 06 05 2B 0E 03 02 0E
+Comment = Oddball OIW OID using 9796-2 padding rules
+Description = mdc2WithRSASignature (1 3 14 3 2 14)
+
+OID = 06 05 2B 0E 03 02 0F
+Comment = Oddball OIW OID using 9796-2 padding rules
+Description = shaWithRSASignature (1 3 14 3 2 15)
+
+OID = 06 05 2B 0E 03 02 10
+Comment = Oddball OIW OID. Deprecated, use a plain DH OID instead
+Description = dhWithCommonModulus (1 3 14 3 2 16)
+Warning
+
+OID = 06 05 2B 0E 03 02 11
+Comment = Oddball OIW OID. Mode is ECB
+Description = desEDE (1 3 14 3 2 17)
+
+OID = 06 05 2B 0E 03 02 12
+Comment = Oddball OIW OID
+Description = sha (1 3 14 3 2 18)
+
+OID = 06 05 2B 0E 03 02 13
+Comment = Oddball OIW OID, DES-based hash, planned for X9.31 Part 2
+Description = mdc-2 (1 3 14 3 2 19)
+
+OID = 06 05 2B 0E 03 02 14
+Comment = Oddball OIW OID. Deprecated, use a plain DSA OID instead
+Description = dsaCommon (1 3 14 3 2 20)
+Warning
+
+OID = 06 05 2B 0E 03 02 15
+Comment = Oddball OIW OID. Deprecated, use a plain dsaWithSHA OID instead
+Description = dsaCommonWithSHA (1 3 14 3 2 21)
+Warning
+
+OID = 06 05 2B 0E 03 02 16
+Comment = Oddball OIW OID
+Description = rsaKeyTransport (1 3 14 3 2 22)
+
+OID = 06 05 2B 0E 03 02 17
+Comment = Oddball OIW OID
+Description = keyed-hash-seal (1 3 14 3 2 23)
+
+OID = 06 05 2B 0E 03 02 18
+Comment = Oddball OIW OID using 9796-2 padding rules
+Description = md2WithRSASignature (1 3 14 3 2 24)
+
+OID = 06 05 2B 0E 03 02 19
+Comment = Oddball OIW OID using 9796-2 padding rules
+Description = md5WithRSASignature (1 3 14 3 2 25)
+
+OID = 06 05 2B 0E 03 02 1A
+Comment = OIW
+Description = sha1 (1 3 14 3 2 26)
+
+# Yet another multiply-assigned OID
+OID = 06 05 2B 0E 03 02 1B
+Comment = OIW. 
This OID may also be assigned as ripemd-160
+Description = dsaWithSHA1 (1 3 14 3 2 27)
+
+OID = 06 05 2B 0E 03 02 1C
+Comment = OIW
+Description = dsaWithCommonSHA1 (1 3 14 3 2 28)
+
+OID = 06 05 2B 0E 03 02 1D
+Comment = Oddball OIW OID
+Description = sha-1WithRSAEncryption (1 3 14 3 2 29)
+
+OID = 06 05 2B 0E 03 03 01
+Comment = Oddball OIW OID
+Description = simple-strong-auth-mechanism (1 3 14 3 3 1)
+
+OID = 06 06 2B 0E 07 02 01 01
+Comment = Unsure about this OID
+Description = ElGamal (1 3 14 7 2 1 1)
+
+OID = 06 06 2B 0E 07 02 03 01
+Comment = Unsure about this OID
+Description = md2WithRSA (1 3 14 7 2 3 1)
+
+OID = 06 06 2B 0E 07 02 03 02
+Comment = Unsure about this OID
+Description = md2WithElGamal (1 3 14 7 2 3 2)
+
+# Teletrust
+
+OID = 06 03 2B 24 01
+Comment = Teletrust document
+Description = document (1 3 36 1)
+
+OID = 06 04 2B 24 01 01
+Comment = Teletrust document
+Description = finalVersion (1 3 36 1 1)
+
+OID = 06 04 2B 24 01 02
+Comment = Teletrust document
+Description = draft (1 3 36 1 2)
+
+OID = 06 03 2B 24 02
+Comment = Teletrust sio
+Description = sio (1 3 36 2)
+
+OID = 06 04 2B 24 02 01
+Comment = Teletrust sio
+Description = sedu (1 3 36 2 1)
+
+OID = 06 03 2B 24 03
+Comment = Teletrust algorithm
+Description = algorithm (1 3 36 3)
+
+OID = 06 04 2B 24 03 01
+Comment = Teletrust algorithm
+Description = encryptionAlgorithm (1 3 36 3 1)
+
+OID = 06 05 2B 24 03 01 01
+Comment = Teletrust encryption algorithm
+Description = des (1 3 36 3 1 1)
+
+OID = 06 06 2B 24 03 01 01 01
+Comment = Teletrust encryption algorithm
+Description = desECB_pad (1 3 36 3 1 1 1)
+
+OID = 06 07 2B 24 03 01 01 01 01
+Comment = Teletrust encryption algorithm
+Description = desECB_ISOpad (1 3 36 3 1 1 1 1)
+
+OID = 06 07 2B 24 03 01 01 02 01
+Comment = Teletrust encryption algorithm
+Description = desCBC_pad (1 3 36 3 1 1 2 1)
+
+OID = 06 08 2B 24 03 01 01 02 01 01
+Comment = Teletrust encryption algorithm
+Description = desCBC_ISOpad (1 3 36 3 1 1 2 1 1)
+
+OID = 06 05 2B 24 03 01 03
+Comment = Teletrust encryption algorithm
+Description = des_3 (1 3 36 3 1 3)
+
+OID = 06 07 2B 24 03 01 03 01 01
+Comment = Teletrust encryption algorithm. EDE triple DES
+Description = des_3ECB_pad (1 3 36 3 1 3 1 1)
+
+OID = 06 08 2B 24 03 01 03 01 01 01
+Comment = Teletrust encryption algorithm. EDE triple DES
+Description = des_3ECB_ISOpad (1 3 36 3 1 3 1 1 1)
+
+OID = 06 07 2B 24 03 01 03 02 01
+Comment = Teletrust encryption algorithm. EDE triple DES
+Description = des_3CBC_pad (1 3 36 3 1 3 2 1)
+
+OID = 06 08 2B 24 03 01 03 02 01 01
+Comment = Teletrust encryption algorithm. EDE triple DES
+Description = des_3CBC_ISOpad (1 3 36 3 1 3 2 1 1)
+
+OID = 06 05 2B 24 03 01 02
+Comment = Teletrust encryption algorithm
+Description = idea (1 3 36 3 1 2)
+
+OID = 06 06 2B 24 03 01 02 01
+Comment = Teletrust encryption algorithm
+Description = ideaECB (1 3 36 3 1 2 1)
+
+OID = 06 07 2B 24 03 01 02 01 01
+Comment = Teletrust encryption algorithm
+Description = ideaECB_pad (1 3 36 3 1 2 1 1)
+
+OID = 06 08 2B 24 03 01 02 01 01 01
+Comment = Teletrust encryption algorithm
+Description = ideaECB_ISOpad (1 3 36 3 1 2 1 1 1)
+
+OID = 06 06 2B 24 03 01 02 02
+Comment = Teletrust encryption algorithm
+Description = ideaCBC (1 3 36 3 1 2 2)
+
+OID = 06 07 2B 24 03 01 02 02 01
+Comment = Teletrust encryption algorithm
+Description = ideaCBC_pad (1 3 36 3 1 2 2 1)
+
+OID = 06 08 2B 24 03 01 02 02 01 01
+Comment = Teletrust encryption algorithm
+Description = ideaCBC_ISOpad (1 3 36 3 1 2 2 1 1)
+
+OID = 06 06 2B 24 03 01 02 03
+Comment = Teletrust encryption algorithm
+Description = ideaOFB (1 3 36 3 1 2 3)
+
+OID = 06 06 2B 24 03 01 02 04
+Comment = Teletrust encryption algorithm
+Description = ideaCFB (1 3 36 3 1 2 4)
+
+OID = 06 05 2B 24 03 01 04
+Comment = Teletrust encryption algorithm
+Description = rsaEncryption (1 3 36 3 1 4)
+
+OID = 06 08 2B 24 03 01 04 84 00 11
+Comment = Teletrust encryption algorithm
+Description = 
rsaEncryptionWithlmod512expe17 (1 3 36 3 1 4 512 17)
+
+OID = 06 05 2B 24 03 01 05
+Comment = Teletrust encryption algorithm
+Description = bsi-1 (1 3 36 3 1 5)
+
+OID = 06 06 2B 24 03 01 05 01
+Comment = Teletrust encryption algorithm
+Description = bsi_1ECB_pad (1 3 36 3 1 5 1)
+
+OID = 06 06 2B 24 03 01 05 02
+Comment = Teletrust encryption algorithm
+Description = bsi_1CBC_pad (1 3 36 3 1 5 2)
+
+OID = 06 07 2B 24 03 01 05 02 01
+Comment = Teletrust encryption algorithm
+Description = bsi_1CBC_PEMpad (1 3 36 3 1 5 2 1)
+
+OID = 06 04 2B 24 03 02
+Comment = Teletrust algorithm
+Description = hashAlgorithm (1 3 36 3 2)
+
+OID = 06 05 2B 24 03 02 01
+Comment = Teletrust hash algorithm
+Description = ripemd160 (1 3 36 3 2 1)
+
+OID = 06 05 2B 24 03 02 02
+Comment = Teletrust hash algorithm
+Description = ripemd128 (1 3 36 3 2 2)
+
+OID = 06 05 2B 24 03 02 03
+Comment = Teletrust hash algorithm
+Description = ripemd256 (1 3 36 3 2 3)
+
+OID = 06 05 2B 24 03 02 04
+Comment = Teletrust hash algorithm
+Description = mdc2singleLength (1 3 36 3 2 4)
+
+OID = 06 05 2B 24 03 02 05
+Comment = Teletrust hash algorithm
+Description = mdc2doubleLength (1 3 36 3 2 5)
+
+OID = 06 04 2B 24 03 03
+Comment = Teletrust algorithm
+Description = signatureAlgorithm (1 3 36 3 3)
+
+OID = 06 05 2B 24 03 03 01
+Comment = Teletrust signature algorithm
+Description = rsaSignature (1 3 36 3 3 1)
+
+OID = 06 06 2B 24 03 03 01 01
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1 (1 3 36 3 3 1 1)
+
+# What *were* they thinking?
+OID = 06 09 2B 24 03 03 01 01 84 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l512_l2 (1 3 36 3 3 1 1 512 2)
+OID = 06 09 2B 24 03 03 01 01 85 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l640_l2 (1 3 36 3 3 1 1 640 2)
+OID = 06 09 2B 24 03 03 01 01 86 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l768_l2 (1 3 36 3 3 1 1 768 2)
+OID = 06 09 2B 24 03 03 01 01 87 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l896_l2 (1 3 36 3 3 1 1 892 2)
+OID = 06 09 2B 24 03 03 01 01 88 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l1024_l2 (1 3 36 3 3 1 1 1024 2)
+OID = 06 09 2B 24 03 03 01 01 84 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l512_l3 (1 3 36 3 3 1 1 512 3)
+OID = 06 09 2B 24 03 03 01 01 85 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l640_l3 (1 3 36 3 3 1 1 640 3)
+OID = 06 09 2B 24 03 03 01 01 86 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l768_l3 (1 3 36 3 3 1 1 768 3)
+OID = 06 09 2B 24 03 03 01 01 87 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l896_l3 (1 3 36 3 3 1 1 896 3)
+OID = 06 09 2B 24 03 03 01 01 88 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l1024_l3 (1 3 36 3 3 1 1 1024 3)
+OID = 06 09 2B 24 03 03 01 01 84 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l512_l5 (1 3 36 3 3 1 1 512 5)
+OID = 06 09 2B 24 03 03 01 01 85 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l640_l5 (1 3 36 3 3 1 1 640 5)
+OID = 06 09 2B 24 03 03 01 01 86 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l768_l5 (1 3 36 3 3 1 1 768 5)
+OID = 06 09 2B 24 03 03 01 01 87 00 05
+Comment = Teletrust signature 
algorithm +Description = rsaSignatureWithsha1_l896_l5 (1 3 36 3 3 1 1 896 5) +OID = 06 09 2B 24 03 03 01 01 88 00 05 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithsha1_l1024_l5 (1 3 36 3 3 1 1 1024 5) +OID = 06 09 2B 24 03 03 01 01 84 00 09 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithsha1_l512_l9 (1 3 36 3 3 1 1 512 9) +OID = 06 09 2B 24 03 03 01 01 85 00 09 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithsha1_l640_l9 (1 3 36 3 3 1 1 640 9) +OID = 06 09 2B 24 03 03 01 01 86 00 09 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithsha1_l768_l9 (1 3 36 3 3 1 1 768 9) +OID = 06 09 2B 24 03 03 01 01 87 00 09 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithsha1_l896_l9 (1 3 36 3 3 1 1 896 9) +OID = 06 09 2B 24 03 03 01 01 88 00 09 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithsha1_l1024_l9 (1 3 36 3 3 1 1 1024 9) +OID = 06 09 2B 24 03 03 01 01 84 00 11 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithsha1_l512_l11 (1 3 36 3 3 1 1 512 11) +OID = 06 09 2B 24 03 03 01 01 85 00 11 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithsha1_l640_l11 (1 3 36 3 3 1 1 640 11) +OID = 06 09 2B 24 03 03 01 01 86 00 11 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithsha1_l768_l11 (1 3 36 3 3 1 1 768 11) +OID = 06 09 2B 24 03 03 01 01 87 00 11 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithsha1_l896_l11 (1 3 36 3 3 1 1 896 11) +OID = 06 09 2B 24 03 03 01 01 88 00 11 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithsha1_l1024_l11 (1 3 36 3 3 1 1 1024 11) + +OID = 06 06 2B 24 03 03 01 02 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithripemd160 (1 3 36 3 3 1 2) + +OID = 06 09 2B 24 03 03 01 02 84 00 02 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithripemd160_l512_l2 (1 3 36 3 3 1 
2 512 2) +OID = 06 09 2B 24 03 03 01 02 85 00 02 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithripemd160_l640_l2 (1 3 36 3 3 1 2 640 2) +OID = 06 09 2B 24 03 03 01 02 86 00 02 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithripemd160_l768_l2 (1 3 36 3 3 1 2 768 2) +OID = 06 09 2B 24 03 03 01 02 87 00 02 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithripemd160_l896_l2 (1 3 36 3 3 1 2 892 2) +OID = 06 09 2B 24 03 03 01 02 88 00 02 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithripemd160_l1024_l2 (1 3 36 3 3 1 2 1024 2) +OID = 06 09 2B 24 03 03 01 02 84 00 03 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithripemd160_l512_l3 (1 3 36 3 3 1 2 512 3) +OID = 06 09 2B 24 03 03 01 02 85 00 03 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithripemd160_l640_l3 (1 3 36 3 3 1 2 640 3) +OID = 06 09 2B 24 03 03 01 02 86 00 03 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithripemd160_l768_l3 (1 3 36 3 3 1 2 768 3) +OID = 06 09 2B 24 03 03 01 02 87 00 03 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithripemd160_l896_l3 (1 3 36 3 3 1 2 896 3) +OID = 06 09 2B 24 03 03 01 02 88 00 03 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithripemd160_l1024_l3 (1 3 36 3 3 1 2 1024 3) +OID = 06 09 2B 24 03 03 01 02 84 00 05 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithripemd160_l512_l5 (1 3 36 3 3 1 2 512 5) +OID = 06 09 2B 24 03 03 01 02 85 00 05 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithripemd160_l640_l5 (1 3 36 3 3 1 2 640 5) +OID = 06 09 2B 24 03 03 01 02 86 00 05 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithripemd160_l768_l5 (1 3 36 3 3 1 2 768 5) +OID = 06 09 2B 24 03 03 01 02 87 00 05 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithripemd160_l896_l5 (1 3 36 3 3 1 2 896 
5) +OID = 06 09 2B 24 03 03 01 02 88 00 05 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithripemd160_l1024_l5 (1 3 36 3 3 1 2 1024 5) +OID = 06 09 2B 24 03 03 01 02 84 00 09 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithripemd160_l512_l9 (1 3 36 3 3 1 2 512 9) +OID = 06 09 2B 24 03 03 01 02 85 00 09 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithripemd160_l640_l9 (1 3 36 3 3 1 2 640 9) +OID = 06 09 2B 24 03 03 01 02 86 00 09 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithripemd160_l768_l9 (1 3 36 3 3 1 2 768 9) +OID = 06 09 2B 24 03 03 01 02 87 00 09 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithripemd160_l896_l9 (1 3 36 3 3 1 2 896 9) +OID = 06 09 2B 24 03 03 01 02 88 00 09 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithripemd160_l1024_l9 (1 3 36 3 3 1 2 1024 9) +OID = 06 09 2B 24 03 03 01 02 84 00 11 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithripemd160_l512_l11 (1 3 36 3 3 1 2 512 11) +OID = 06 09 2B 24 03 03 01 02 85 00 11 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithripemd160_l640_l11 (1 3 36 3 3 1 2 640 11) +OID = 06 09 2B 24 03 03 01 02 86 00 11 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithripemd160_l768_l11 (1 3 36 3 3 1 2 768 11) +OID = 06 09 2B 24 03 03 01 02 87 00 11 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithripemd160_l896_l11 (1 3 36 3 3 1 2 896 11) +OID = 06 09 2B 24 03 03 01 02 88 00 11 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithripemd160_l1024_l11 (1 3 36 3 3 1 2 1024 11) + +OID = 06 06 2B 24 03 03 01 03 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithrimpemd128 (1 3 36 3 3 1 3) + +OID = 06 06 2B 24 03 03 01 04 +Comment = Teletrust signature algorithm +Description = rsaSignatureWithrimpemd256 (1 3 36 3 3 1 4) + +OID = 06 05 2B 24 03 03 02 
+Comment = Teletrust signature algorithm +Description = ecsieSign (1 3 36 3 3 2) + +OID = 06 06 2B 24 03 03 02 01 +Comment = Teletrust signature algorithm +Description = ecsieSignWithsha1 (1 3 36 3 3 2 1) + +OID = 06 06 2B 24 03 03 02 02 +Comment = Teletrust signature algorithm +Description = ecsieSignWithripemd160 (1 3 36 3 3 2 2) + +OID = 06 06 2B 24 03 03 02 03 +Comment = Teletrust signature algorithm +Description = ecsieSignWithmd2 (1 3 36 3 3 2 3) + +OID = 06 06 2B 24 03 03 02 04 +Comment = Teletrust signature algorithm +Description = ecsieSignWithmd5 (1 3 36 3 3 2 4) + +OID = 06 04 2B 24 03 04 +Comment = Teletrust algorithm +Description = signatureScheme (1 3 36 3 4) + +OID = 06 05 2B 24 03 04 01 +Comment = Teletrust signature scheme +Description = sigS_ISO9796-1 (1 3 36 3 4 1) + +OID = 06 05 2B 24 03 04 02 +Comment = Teletrust signature scheme +Description = sigS_ISO9796-2 (1 3 36 3 4 2) + +OID = 06 05 2B 24 03 04 02 01 +Comment = Teletrust signature scheme. Unsure what this is supposed to be +Description = sigS_ISO9796-2Withred (1 3 36 3 4 2 1) + +OID = 06 06 2B 24 03 04 02 02 +Comment = Teletrust signature scheme. Unsure what this is supposed to be +Description = sigS_ISO9796-2Withrsa (1 3 36 3 4 2 2) + +OID = 06 06 2B 24 03 04 02 03 +Comment = Teletrust signature scheme. 
9796-2 with random number in padding field +Description = sigS_ISO9796-2Withrnd (1 3 36 3 4 2 3) + +OID = 06 03 2B 24 04 +Comment = Teletrust attribute +Description = attribute (1 3 36 4) + +OID = 06 03 2B 24 05 +Comment = Teletrust policy +Description = policy (1 3 36 5) + +OID = 06 03 2B 24 06 +Comment = Teletrust API +Description = api (1 3 36 6) + +OID = 06 04 2B 24 06 01 +Comment = Teletrust API +Description = manufacturer-specific_api (1 3 36 6 1) + +OID = 06 05 2B 24 06 01 01 +Comment = Teletrust API +Description = utimaco-api (1 3 36 6 1 1) + +OID = 06 04 2B 24 06 02 +Comment = Teletrust API +Description = functionality-specific_api (1 3 36 6 2) + +OID = 06 03 2B 24 07 +Comment = Teletrust key management +Description = keymgmnt (1 3 36 7) + +OID = 06 04 2B 24 07 01 +Comment = Teletrust key management +Description = keyagree (1 3 36 7 1) + +OID = 06 05 2B 24 07 01 01 +Comment = Teletrust key management +Description = bsiPKE (1 3 36 7 1 1) + +OID = 06 04 2B 24 07 02 +Comment = Teletrust key management +Description = keytrans (1 3 36 7 2) + +OID = 06 05 2B 24 07 02 01 +Comment = Teletrust key management. 
9796-2 with key stored in hash field +Description = encISO9796-2Withrsa (1 3 36 7 2 1) + +OID = 06 05 2B 24 08 01 01 +Comment = Teletrust policy +Description = Teletrust SigGConform policyIdentifier (1 3 36 8 1 1) + +OID = 06 05 2B 24 08 02 01 +Comment = Teletrust extended key usage +Description = directoryService (1 3 36 8 2 1) + +OID = 06 05 2B 24 08 03 01 +Comment = Teletrust attribute +Description = dateOfCertGen (1 3 36 8 3 1) + +OID = 06 05 2B 24 08 03 02 +Comment = Teletrust attribute +Description = procuration (1 3 36 8 3 2) + +OID = 06 05 2B 24 08 03 03 +Comment = Teletrust attribute +Description = admission (1 3 36 8 3 3) + +OID = 06 05 2B 24 08 03 04 +Comment = Teletrust attribute +Description = monetaryLimit (1 3 36 8 3 4) + +OID = 06 05 2B 24 08 03 05 +Comment = Teletrust attribute +Description = declarationOfMajority (1 3 36 8 3 5) + +OID = 06 05 2B 24 08 03 06 +Comment = Teletrust attribute +Description = integratedCircuitCardSerialNumber (1 3 36 8 3 6) + +OID = 06 05 2B 24 08 03 07 +Comment = Teletrust attribute +Description = pKReference (1 3 36 8 3 7) + +OID = 06 05 2B 24 08 03 08 +Comment = Teletrust attribute +Description = restriction (1 3 36 8 3 8) + +OID = 06 05 2B 24 08 03 09 +Comment = Teletrust attribute +Description = retrieveIfAllowed (1 3 36 8 3 9) + +OID = 06 05 2B 24 08 03 0A +Comment = Teletrust attribute +Description = requestedCertificate (1 3 36 8 3 10) + +OID = 06 05 2B 24 08 03 0B +Comment = Teletrust attribute +Description = namingAuthorities (1 3 36 8 3 11) + +OID = 06 05 2B 24 08 03 0C +Comment = Teletrust attribute +Description = certInDirSince (1 3 36 8 3 12) + +OID = 06 05 2B 24 08 03 0D +Comment = Teletrust attribute +Description = certHash (1 3 36 8 3 13) + +OID = 06 05 2B 24 08 04 01 +Comment = Teletrust OtherName attribute +Description = personalData (1 3 36 8 4 1) + +OID = 06 05 2B 24 08 04 08 +Comment = Teletrust attribute certificate attribute +Description = restriction (1 3 36 8 4 8) + +OID = 06 07 2B 24 08 05 01 
01 01 +Comment = Teletrust signature algorithm +Description = rsaIndicateSHA1 (1 3 36 8 5 1 1 1) + +OID = 06 07 2B 24 08 05 01 01 02 +Comment = Teletrust signature algorithm +Description = rsaIndicateRIPEMD160 (1 3 36 8 5 1 1 2) + +OID = 06 07 2B 24 08 05 01 01 03 +Comment = Teletrust signature algorithm +Description = rsaWithSHA1 (1 3 36 8 5 1 1 3) + +OID = 06 07 2B 24 08 05 01 01 04 +Comment = Teletrust signature algorithm +Description = rsaWithRIPEMD160 (1 3 36 8 5 1 1 4) + +OID = 06 07 2B 24 08 05 01 02 01 +Comment = Teletrust signature algorithm +Description = dsaExtended (1 3 36 8 5 1 2 1) + +OID = 06 07 2B 24 08 05 01 02 02 +Comment = Teletrust signature algorithm +Description = dsaWithRIPEMD160 (1 3 36 8 5 1 2 2) + +OID = 06 05 2B 24 08 06 01 +Comment = Teletrust signature attributes +Description = cert (1 3 36 8 6 1) + +OID = 06 05 2B 24 08 06 02 +Comment = Teletrust signature attributes +Description = certRef (1 3 36 8 6 2) + +OID = 06 05 2B 24 08 06 03 +Comment = Teletrust signature attributes +Description = attrCert (1 3 36 8 6 3) + +OID = 06 05 2B 24 08 06 04 +Comment = Teletrust signature attributes +Description = attrRef (1 3 36 8 6 4) + +OID = 06 05 2B 24 08 06 05 +Comment = Teletrust signature attributes +Description = fileName (1 3 36 8 6 5) + +OID = 06 05 2B 24 08 06 06 +Comment = Teletrust signature attributes +Description = storageTime (1 3 36 8 6 6) + +OID = 06 05 2B 24 08 06 07 +Comment = Teletrust signature attributes +Description = fileSize (1 3 36 8 6 7) + +OID = 06 05 2B 24 08 06 08 +Comment = Teletrust signature attributes +Description = location (1 3 36 8 6 8) + +OID = 06 05 2B 24 08 06 09 +Comment = Teletrust signature attributes +Description = sigNumber (1 3 36 8 6 9) + +OID = 06 05 2B 24 08 06 0A +Comment = Teletrust signature attributes +Description = autoGen (1 3 36 8 6 10) + +OID = 06 06 2B 24 08 07 01 01 +Comment = Teletrust presentation types +Description = ptAdobeILL (1 3 36 8 7 1 1) + +OID = 06 06 2B 24 08 07 01 02 +Comment = 
Teletrust presentation types +Description = ptAmiPro (1 3 36 8 7 1 2) + +OID = 06 06 2B 24 08 07 01 03 +Comment = Teletrust presentation types +Description = ptAutoCAD (1 3 36 8 7 1 3) + +OID = 06 06 2B 24 08 07 01 04 +Comment = Teletrust presentation types +Description = ptBinary (1 3 36 8 7 1 4) + +OID = 06 06 2B 24 08 07 01 05 +Comment = Teletrust presentation types +Description = ptBMP (1 3 36 8 7 1 5) + +OID = 06 06 2B 24 08 07 01 06 +Comment = Teletrust presentation types +Description = ptCGM (1 3 36 8 7 1 6) + +OID = 06 06 2B 24 08 07 01 07 +Comment = Teletrust presentation types +Description = ptCorelCRT (1 3 36 8 7 1 7) + +OID = 06 06 2B 24 08 07 01 08 +Comment = Teletrust presentation types +Description = ptCorelDRW (1 3 36 8 7 1 8) + +OID = 06 06 2B 24 08 07 01 09 +Comment = Teletrust presentation types +Description = ptCorelEXC (1 3 36 8 7 1 9) + +OID = 06 06 2B 24 08 07 01 0A +Comment = Teletrust presentation types +Description = ptCorelPHT (1 3 36 8 7 1 10) + +OID = 06 06 2B 24 08 07 01 0B +Comment = Teletrust presentation types +Description = ptDraw (1 3 36 8 7 1 11) + +OID = 06 06 2B 24 08 07 01 0C +Comment = Teletrust presentation types +Description = ptDVI (1 3 36 8 7 1 12) + +OID = 06 06 2B 24 08 07 01 0D +Comment = Teletrust presentation types +Description = ptEPS (1 3 36 8 7 1 13) + +OID = 06 06 2B 24 08 07 01 0E +Comment = Teletrust presentation types +Description = ptExcel (1 3 36 8 7 1 14) + +OID = 06 06 2B 24 08 07 01 0F +Comment = Teletrust presentation types +Description = ptGEM (1 3 36 8 7 1 15) + +OID = 06 06 2B 24 08 07 01 10 +Comment = Teletrust presentation types +Description = ptGIF (1 3 36 8 7 1 16) + +OID = 06 06 2B 24 08 07 01 11 +Comment = Teletrust presentation types +Description = ptHPGL (1 3 36 8 7 1 17) + +OID = 06 06 2B 24 08 07 01 12 +Comment = Teletrust presentation types +Description = ptJPEG (1 3 36 8 7 1 18) + +OID = 06 06 2B 24 08 07 01 13 +Comment = Teletrust presentation types +Description = ptKodak (1 3 36 8 7 1 
19) + +OID = 06 06 2B 24 08 07 01 14 +Comment = Teletrust presentation types +Description = ptLaTeX (1 3 36 8 7 1 20) + +OID = 06 06 2B 24 08 07 01 15 +Comment = Teletrust presentation types +Description = ptLotus (1 3 36 8 7 1 21) + +OID = 06 06 2B 24 08 07 01 16 +Comment = Teletrust presentation types +Description = ptLotusPIC (1 3 36 8 7 1 22) + +OID = 06 06 2B 24 08 07 01 17 +Comment = Teletrust presentation types +Description = ptMacPICT (1 3 36 8 7 1 23) + +OID = 06 06 2B 24 08 07 01 18 +Comment = Teletrust presentation types +Description = ptMacWord (1 3 36 8 7 1 24) + +OID = 06 06 2B 24 08 07 01 19 +Comment = Teletrust presentation types +Description = ptMSWfD (1 3 36 8 7 1 25) + +OID = 06 06 2B 24 08 07 01 1A +Comment = Teletrust presentation types +Description = ptMSWord (1 3 36 8 7 1 26) + +OID = 06 06 2B 24 08 07 01 1B +Comment = Teletrust presentation types +Description = ptMSWord2 (1 3 36 8 7 1 27) + +OID = 06 06 2B 24 08 07 01 1C +Comment = Teletrust presentation types +Description = ptMSWord6 (1 3 36 8 7 1 28) + +OID = 06 06 2B 24 08 07 01 1D +Comment = Teletrust presentation types +Description = ptMSWord8 (1 3 36 8 7 1 29) + +OID = 06 06 2B 24 08 07 01 1E +Comment = Teletrust presentation types +Description = ptPDF (1 3 36 8 7 1 30) + +OID = 06 06 2B 24 08 07 01 1F +Comment = Teletrust presentation types +Description = ptPIF (1 3 36 8 7 1 31) + +OID = 06 06 2B 24 08 07 01 20 +Comment = Teletrust presentation types +Description = ptPostscript (1 3 36 8 7 1 32) + +OID = 06 06 2B 24 08 07 01 21 +Comment = Teletrust presentation types +Description = ptRTF (1 3 36 8 7 1 33) + +OID = 06 06 2B 24 08 07 01 22 +Comment = Teletrust presentation types +Description = ptSCITEX (1 3 36 8 7 1 34) + +OID = 06 06 2B 24 08 07 01 23 +Comment = Teletrust presentation types +Description = ptTAR (1 3 36 8 7 1 35) + +OID = 06 06 2B 24 08 07 01 24 +Comment = Teletrust presentation types +Description = ptTarga (1 3 36 8 7 1 36) + +OID = 06 06 2B 24 08 07 01 25 +Comment = 
Teletrust presentation types +Description = ptTeX (1 3 36 8 7 1 37) + +OID = 06 06 2B 24 08 07 01 26 +Comment = Teletrust presentation types +Description = ptText (1 3 36 8 7 1 38) + +OID = 06 06 2B 24 08 07 01 27 +Comment = Teletrust presentation types +Description = ptTIFF (1 3 36 8 7 1 39) + +OID = 06 06 2B 24 08 07 01 28 +Comment = Teletrust presentation types +Description = ptTIFF-FC (1 3 36 8 7 1 40) + +OID = 06 06 2B 24 08 07 01 29 +Comment = Teletrust presentation types +Description = ptUID (1 3 36 8 7 1 41) + +OID = 06 06 2B 24 08 07 01 2A +Comment = Teletrust presentation types +Description = ptUUEncode (1 3 36 8 7 1 42) + +OID = 06 06 2B 24 08 07 01 2B +Comment = Teletrust presentation types +Description = ptWMF (1 3 36 8 7 1 43) + +OID = 06 06 2B 24 08 07 01 2C +Comment = Teletrust presentation types +Description = ptWordPerfect (1 3 36 8 7 1 44) + +OID = 06 06 2B 24 08 07 01 2D +Comment = Teletrust presentation types +Description = ptWPGrph (1 3 36 8 7 1 45) + +# Thawte + +OID = 06 04 2B 65 01 04 +Comment = Thawte +Description = thawte-ce (1 3 101 1 4) + +OID = 06 05 2B 65 01 04 01 +Comment = Thawte certificate extension +Description = strongExtranet (1 3 101 1 4 1) + +# X.520. X.500v4 added encrypted versions of most of these attributes +# at n+2 (i.e. foo = 2 4 5 1, encryptedFoo = 2 4 5 1 2), this smells +# like a horrible kludge for something and probably isn't used, so we +# don't define them all here. 
+ +OID = 06 03 55 04 00 +Comment = X.520 id-at (2 5 4) +Description = objectClass (2 5 4 0) + +OID = 06 03 55 04 01 +Comment = X.520 id-at (2 5 4) +Description = aliasedEntryName (2 5 4 1) + +OID = 06 03 55 04 02 +Comment = X.520 id-at (2 5 4) +Description = knowledgeInformation (2 5 4 2) + +OID = 06 03 55 04 03 +Comment = X.520 id-at (2 5 4) +Description = commonName (2 5 4 3) + +OID = 06 03 55 04 04 +Comment = X.520 id-at (2 5 4) +Description = surname (2 5 4 4) + +OID = 06 03 55 04 05 +Comment = X.520 id-at (2 5 4) +Description = serialNumber (2 5 4 5) + +OID = 06 03 55 04 06 +Comment = X.520 id-at (2 5 4) +Description = countryName (2 5 4 6) + +OID = 06 03 55 04 07 +Comment = X.520 id-at (2 5 4) +Description = localityName (2 5 4 7) + +OID = 06 04 55 04 07 01 +Comment = X.520 id-at (2 5 4) +Description = collectiveLocalityName (2 5 4 7 1) + +OID = 06 03 55 04 08 +Comment = X.520 id-at (2 5 4) +Description = stateOrProvinceName (2 5 4 8) + +OID = 06 04 55 04 08 01 +Comment = X.520 id-at (2 5 4) +Description = collectiveStateOrProvinceName (2 5 4 8 1) + +OID = 06 03 55 04 09 +Comment = X.520 id-at (2 5 4) +Description = streetAddress (2 5 4 9) + +OID = 06 04 55 04 09 01 +Comment = X.520 id-at (2 5 4) +Description = collectiveStreetAddress (2 5 4 9 1) + +OID = 06 03 55 04 0A +Comment = X.520 id-at (2 5 4) +Description = organizationName (2 5 4 10) + +OID = 06 04 55 04 0A 01 +Comment = X.520 id-at (2 5 4) +Description = collectiveOrganizationName (2 5 4 10 1) + +OID = 06 03 55 04 0B +Comment = X.520 id-at (2 5 4) +Description = organizationalUnitName (2 5 4 11) + +OID = 06 04 55 04 0B 01 +Comment = X.520 id-at (2 5 4) +Description = collectiveOrganizationalUnitName (2 5 4 11 1) + +OID = 06 03 55 04 0C +Comment = X.520 id-at (2 5 4) +Description = title (2 5 4 12) + +OID = 06 03 55 04 0D +Comment = X.520 id-at (2 5 4) +Description = description (2 5 4 13) + +OID = 06 03 55 04 0E +Comment = X.520 id-at (2 5 4) +Description = searchGuide (2 5 4 14) + +OID = 06 03 55 
04 0F +Comment = X.520 id-at (2 5 4) +Description = businessCategory (2 5 4 15) + +OID = 06 03 55 04 10 +Comment = X.520 id-at (2 5 4) +Description = postalAddress (2 5 4 16) + +OID = 06 04 55 04 10 01 +Comment = X.520 id-at (2 5 4) +Description = collectivePostalAddress (2 5 4 16 1) + +OID = 06 03 55 04 11 +Comment = X.520 id-at (2 5 4) +Description = postalCode (2 5 4 17) + +OID = 06 04 55 04 11 01 +Comment = X.520 id-at (2 5 4) +Description = collectivePostalCode (2 5 4 17 1) + +OID = 06 03 55 04 12 +Comment = X.520 id-at (2 5 4) +Description = postOfficeBox (2 5 4 18) + +OID = 06 04 55 04 12 01 +Comment = X.520 id-at (2 5 4) +Description = collectivePostOfficeBox (2 5 4 18 1) + +OID = 06 03 55 04 13 +Comment = X.520 id-at (2 5 4) +Description = physicalDeliveryOfficeName (2 5 4 19) + +OID = 06 04 55 04 13 01 +Comment = X.520 id-at (2 5 4) +Description = collectivePhysicalDeliveryOfficeName (2 5 4 19 1) + +OID = 06 03 55 04 14 +Comment = X.520 id-at (2 5 4) +Description = telephoneNumber (2 5 4 20) + +OID = 06 04 55 04 14 01 +Comment = X.520 id-at (2 5 4) +Description = collectiveTelephoneNumber (2 5 4 20 1) + +OID = 06 03 55 04 15 +Comment = X.520 id-at (2 5 4) +Description = telexNumber (2 5 4 21) + +OID = 06 04 55 04 15 01 +Comment = X.520 id-at (2 5 4) +Description = collectiveTelexNumber (2 5 4 21 1) + +OID = 06 03 55 04 16 +Comment = X.520 id-at (2 5 4) +Description = teletexTerminalIdentifier (2 5 4 22) + +OID = 06 04 55 04 16 01 +Comment = X.520 id-at (2 5 4) +Description = collectiveTeletexTerminalIdentifier (2 5 4 22 1) + +OID = 06 03 55 04 17 +Comment = X.520 id-at (2 5 4) +Description = facsimileTelephoneNumber (2 5 4 23) + +OID = 06 04 55 04 17 01 +Comment = X.520 id-at (2 5 4) +Description = collectiveFacsimileTelephoneNumber (2 5 4 23 1) + +OID = 06 03 55 04 18 +Comment = X.520 id-at (2 5 4) +Description = x121Address (2 5 4 24) + +OID = 06 03 55 04 19 +Comment = X.520 id-at (2 5 4) +Description = internationalISDNNumber (2 5 4 25) + +OID = 06 04 
55 04 19 01 +Comment = X.520 id-at (2 5 4) +Description = collectiveInternationalISDNNumber (2 5 4 25 1) + +OID = 06 03 55 04 1A +Comment = X.520 id-at (2 5 4) +Description = registeredAddress (2 5 4 26) + +OID = 06 03 55 04 1B +Comment = X.520 id-at (2 5 4) +Description = destinationIndicator (2 5 4 27) + +OID = 06 03 55 04 1C +Comment = X.520 id-at (2 5 4) +Description = preferredDeliveryMehtod (2 5 4 28) + +OID = 06 03 55 04 1D +Comment = X.520 id-at (2 5 4) +Description = presentationAddress (2 5 4 29) + +OID = 06 03 55 04 1E +Comment = X.520 id-at (2 5 4) +Description = supportedApplicationContext (2 5 4 30) + +OID = 06 03 55 04 1F +Comment = X.520 id-at (2 5 4) +Description = member (2 5 4 31) + +OID = 06 03 55 04 20 +Comment = X.520 id-at (2 5 4) +Description = owner (2 5 4 32) + +OID = 06 03 55 04 21 +Comment = X.520 id-at (2 5 4) +Description = roleOccupant (2 5 4 33) + +OID = 06 03 55 04 22 +Comment = X.520 id-at (2 5 4) +Description = seeAlso (2 5 4 34) + +OID = 06 03 55 04 23 +Comment = X.520 id-at (2 5 4) +Description = userPassword (2 5 4 35) + +OID = 06 03 55 04 24 +Comment = X.520 id-at (2 5 4) +Description = userCertificate (2 5 4 36) + +OID = 06 03 55 04 25 +Comment = X.520 id-at (2 5 4) +Description = caCertificate (2 5 4 37) + +OID = 06 03 55 04 26 +Comment = X.520 id-at (2 5 4) +Description = authorityRevocationList (2 5 4 38) + +OID = 06 03 55 04 27 +Comment = X.520 id-at (2 5 4) +Description = certificateRevocationList (2 5 4 39) + +OID = 06 03 55 04 28 +Comment = X.520 id-at (2 5 4) +Description = crossCertificatePair (2 5 4 40) + +OID = 06 03 55 04 29 +Comment = X.520 id-at (2 5 4) +Description = name (2 5 4 41) + +OID = 06 03 55 04 2A +Comment = X.520 id-at (2 5 4) +Description = givenName (2 5 4 42) + +OID = 06 03 55 04 2B +Comment = X.520 id-at (2 5 4) +Description = initials (2 5 4 43) + +OID = 06 03 55 04 2C +Comment = X.520 id-at (2 5 4) +Description = generationQualifier (2 5 4 44) + +OID = 06 03 55 04 2D +Comment = X.520 id-at (2 5 
4) +Description = uniqueIdentifier (2 5 4 45) + +OID = 06 03 55 04 2E +Comment = X.520 id-at (2 5 4) +Description = dnQualifier (2 5 4 46) + +OID = 06 03 55 04 2F +Comment = X.520 id-at (2 5 4) +Description = enhancedSearchGuide (2 5 4 47) + +OID = 06 03 55 04 30 +Comment = X.520 id-at (2 5 4) +Description = protocolInformation (2 5 4 48) + +OID = 06 03 55 04 31 +Comment = X.520 id-at (2 5 4) +Description = distinguishedName (2 5 4 49) + +OID = 06 03 55 04 32 +Comment = X.520 id-at (2 5 4) +Description = uniqueMember (2 5 4 50) + +OID = 06 03 55 04 33 +Comment = X.520 id-at (2 5 4) +Description = houseIdentifier (2 5 4 51) + +OID = 06 03 55 04 34 +Comment = X.520 id-at (2 5 4) +Description = supportedAlgorithms (2 5 4 52) + +OID = 06 03 55 04 35 +Comment = X.520 id-at (2 5 4) +Description = deltaRevocationList (2 5 4 53) + +OID = 06 03 55 04 36 +Comment = X.520 id-at (2 5 4) +Description = dmdName (2 5 4 54) + +OID = 06 03 55 04 37 +Comment = X.520 id-at (2 5 4) +Description = clearance (2 5 4 55) + +OID = 06 03 55 04 38 +Comment = X.520 id-at (2 5 4) +Description = defaultDirQop (2 5 4 56) + +OID = 06 03 55 04 39 +Comment = X.520 id-at (2 5 4) +Description = attributeIntegrityInfo (2 5 4 57) + +OID = 06 03 55 04 3A +Comment = X.520 id-at (2 5 4) +Description = attributeCertificate (2 5 4 58) + +OID = 06 03 55 04 3B +Comment = X.520 id-at (2 5 4) +Description = attributeCertificateRevocationList (2 5 4 59) + +OID = 06 03 55 04 3C +Comment = X.520 id-at (2 5 4) +Description = confKeyInfo (2 5 4 60) + +OID = 06 03 55 04 3D +Comment = X.520 id-at (2 5 4) +Description = aACertificate (2 5 4 61) + +OID = 06 03 55 04 3E +Comment = X.520 id-at (2 5 4) +Description = attributeDescriptorCertificate (2 5 4 62) + +OID = 06 03 55 04 3F +Comment = X.520 id-at (2 5 4) +Description = attributeAuthorityRevocationList (2 5 4 63) + +OID = 06 03 55 04 40 +Comment = X.520 id-at (2 5 4) +Description = familyInformation (2 5 4 64) + +OID = 06 03 55 04 41 +Comment = X.520 id-at (2 5 4) 
+Description = pseudonym (2 5 4 65) + +OID = 06 03 55 04 42 +Comment = X.520 id-at (2 5 4) +Description = communicationsService (2 5 4 66) + +OID = 06 03 55 04 43 +Comment = X.520 id-at (2 5 4) +Description = communicationsNetwork (2 5 4 67) + +OID = 06 03 55 04 44 +Comment = X.520 id-at (2 5 4) +Description = certificationPracticeStmt (2 5 4 68) + +OID = 06 03 55 04 45 +Comment = X.520 id-at (2 5 4) +Description = certificatePolicy (2 5 4 69) + +OID = 06 03 55 04 46 +Comment = X.520 id-at (2 5 4) +Description = pkiPath (2 5 4 70) + +OID = 06 03 55 04 47 +Comment = X.520 id-at (2 5 4) +Description = privPolicy (2 5 4 71) + +OID = 06 03 55 04 48 +Comment = X.520 id-at (2 5 4) +Description = role (2 5 4 72) + +OID = 06 03 55 04 49 +Comment = X.520 id-at (2 5 4) +Description = delegationPath (2 5 4 73) + +# X.500 object classes + +OID = 06 03 55 06 00 +Comment = X.520 objectClass (2 5 6) +Description = top (2 5 6 0) + +OID = 06 03 55 06 01 +Comment = X.520 objectClass (2 5 6) +Description = alias (2 5 6 1) + +OID = 06 03 55 06 02 +Comment = X.520 objectClass (2 5 6) +Description = country (2 5 6 2) + +OID = 06 03 55 06 03 +Comment = X.520 objectClass (2 5 6) +Description = locality (2 5 6 3) + +OID = 06 03 55 06 04 +Comment = X.520 objectClass (2 5 6) +Description = organization (2 5 6 4) + +OID = 06 03 55 06 05 +Comment = X.520 objectClass (2 5 6) +Description = organizationalUnit (2 5 6 5) + +OID = 06 03 55 06 06 +Comment = X.520 objectClass (2 5 6) +Description = person (2 5 6 6) + +OID = 06 03 55 06 07 +Comment = X.520 objectClass (2 5 6) +Description = organizationalPerson (2 5 6 7) + +OID = 06 03 55 06 08 +Comment = X.520 objectClass (2 5 6) +Description = organizationalRole (2 5 6 8) + +OID = 06 03 55 06 09 +Comment = X.520 objectClass (2 5 6) +Description = groupOfNames (2 5 6 9) + +OID = 06 03 55 06 0A +Comment = X.520 objectClass (2 5 6) +Description = residentialPerson (2 5 6 10) + +OID = 06 03 55 06 0B +Comment = X.520 objectClass (2 5 6) +Description = 
applicationProcess (2 5 6 11) + +OID = 06 03 55 06 0C +Comment = X.520 objectClass (2 5 6) +Description = applicationEntity (2 5 6 12) + +OID = 06 03 55 06 0D +Comment = X.520 objectClass (2 5 6) +Description = dSA (2 5 6 13) + +OID = 06 03 55 06 0E +Comment = X.520 objectClass (2 5 6) +Description = device (2 5 6 14) + +OID = 06 03 55 06 0F +Comment = X.520 objectClass (2 5 6) +Description = strongAuthenticationUser (2 5 6 15) + +OID = 06 03 55 06 10 +Comment = X.520 objectClass (2 5 6) +Description = certificateAuthority (2 5 6 16) + +OID = 06 03 55 06 11 +Comment = X.520 objectClass (2 5 6) +Description = groupOfUniqueNames (2 5 6 17) + +OID = 06 03 55 06 15 +Comment = X.520 objectClass (2 5 6) +Description = pkiUser (2 5 6 21) + +OID = 06 03 55 06 16 +Comment = X.520 objectClass (2 5 6) +Description = pkiCA (2 5 6 22) + +# X.500 algorithms + +OID = 06 02 55 08 +Description = X.500-Algorithms (2 5 8) + +OID = 06 03 55 08 01 +Description = X.500-Alg-Encryption (2 5 8 1) + +OID = 06 04 55 08 01 01 +Comment = X.500 algorithms. Ambiguous, since no padding rules specified +Description = rsa (2 5 8 1 1) +Warning + +# X.509. Some of the smaller values are from early X.509 drafts with +# cross-pollination from X9.55 and are now deprecated. Alternative OIDs are +# marked if these are known. In some cases there are multiple generations of +# superseded OIDs + +OID = 06 03 55 1D 01 +Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 35) instead +Description = authorityKeyIdentifier (2 5 29 1) +Warning + +OID = 06 03 55 1D 02 +Comment = X.509 id-ce (2 5 29). Obsolete, use keyUsage/extKeyUsage instead +Description = keyAttributes (2 5 29 2) +Warning + +OID = 06 03 55 1D 03 +Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 32) instead +Description = certificatePolicies (2 5 29 3) +Warning + +OID = 06 03 55 1D 04 +Comment = X.509 id-ce (2 5 29). 
Obsolete, use keyUsage/extKeyUsage instead +Description = keyUsageRestriction (2 5 29 4) +Warning + +OID = 06 03 55 1D 05 +Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 33) instead +Description = policyMapping (2 5 29 5) +Warning + +OID = 06 03 55 1D 06 +Comment = X.509 id-ce (2 5 29). Obsolete, use nameConstraints instead +Description = subtreesConstraint (2 5 29 6) +Warning + +OID = 06 03 55 1D 07 +Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 17) instead +Description = subjectAltName (2 5 29 7) +Warning + +OID = 06 03 55 1D 08 +Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 18) instead +Description = issuerAltName (2 5 29 8) +Warning + +OID = 06 03 55 1D 09 +Comment = X.509 id-ce (2 5 29) +Description = subjectDirectoryAttributes (2 5 29 9) + +OID = 06 03 55 1D 0A +Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 19) instead +Description = basicConstraints (2 5 29 10) +Warning + +OID = 06 03 55 1D 0B +Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 30) instead +Description = nameConstraints (2 5 29 11) +Warning + +OID = 06 03 55 1D 0C +Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 36) instead +Description = policyConstraints (2 5 29 12) +Warning + +OID = 06 03 55 1D 0D +Comment = X.509 id-ce (2 5 29). 
Deprecated, use (2 5 29 19) instead +Description = basicConstraints (2 5 29 13) +Warning + +OID = 06 03 55 1D 0E +Comment = X.509 id-ce (2 5 29) +Description = subjectKeyIdentifier (2 5 29 14) + +OID = 06 03 55 1D 0F +Comment = X.509 id-ce (2 5 29) +Description = keyUsage (2 5 29 15) + +OID = 06 03 55 1D 10 +Comment = X.509 id-ce (2 5 29) +Description = privateKeyUsagePeriod (2 5 29 16) + +OID = 06 03 55 1D 11 +Comment = X.509 id-ce (2 5 29) +Description = subjectAltName (2 5 29 17) + +OID = 06 03 55 1D 12 +Comment = X.509 id-ce (2 5 29) +Description = issuerAltName (2 5 29 18) + +OID = 06 03 55 1D 13 +Comment = X.509 id-ce (2 5 29) +Description = basicConstraints (2 5 29 19) + +OID = 06 03 55 1D 14 +Comment = X.509 id-ce (2 5 29) +Description = cRLNumber (2 5 29 20) + +OID = 06 03 55 1D 15 +Comment = X.509 id-ce (2 5 29) +Description = cRLReason (2 5 29 21) + +OID = 06 03 55 1D 16 +Comment = X.509 id-ce (2 5 29). Deprecated, alternative OID uncertain +Description = expirationDate (2 5 29 22) +Warning + +OID = 06 03 55 1D 17 +Comment = X.509 id-ce (2 5 29) +Description = instructionCode (2 5 29 23) + +OID = 06 03 55 1D 18 +Comment = X.509 id-ce (2 5 29) +Description = invalidityDate (2 5 29 24) + +OID = 06 03 55 1D 19 +Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 31) instead +Description = cRLDistributionPoints (2 5 29 25) +Warning + +OID = 06 03 55 1D 1A +Comment = X.509 id-ce (2 5 29). 
Deprecated, use (2 5 29 28) instead
+Description = issuingDistributionPoint (2 5 29 26)
+Warning
+
+OID = 06 03 55 1D 1B
+Comment = X.509 id-ce (2 5 29)
+Description = deltaCRLIndicator (2 5 29 27)
+
+OID = 06 03 55 1D 1C
+Comment = X.509 id-ce (2 5 29)
+Description = issuingDistributionPoint (2 5 29 28)
+
+OID = 06 03 55 1D 1D
+Comment = X.509 id-ce (2 5 29)
+Description = certificateIssuer (2 5 29 29)
+
+OID = 06 03 55 1D 1E
+Comment = X.509 id-ce (2 5 29)
+Description = nameConstraints (2 5 29 30)
+
+OID = 06 03 55 1D 1F
+Comment = X.509 id-ce (2 5 29)
+Description = cRLDistributionPoints (2 5 29 31)
+
+OID = 06 03 55 1D 20
+Comment = X.509 id-ce (2 5 29)
+Description = certificatePolicies (2 5 29 32)
+
+OID = 06 04 55 1D 20 00
+Comment = X.509 certificatePolicies (2 5 29 32)
+Description = anyPolicy (2 5 29 32 0)
+
+OID = 06 03 55 1D 21
+Comment = X.509 id-ce (2 5 29)
+Description = policyMappings (2 5 29 33)
+
+OID = 06 03 55 1D 22
+Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 36) instead
+Description = policyConstraints (2 5 29 34)
+Warning
+
+OID = 06 03 55 1D 23
+Comment = X.509 id-ce (2 5 29)
+Description = authorityKeyIdentifier (2 5 29 35)
+
+OID = 06 03 55 1D 24
+Comment = X.509 id-ce (2 5 29)
+Description = policyConstraints (2 5 29 36)
+
+OID = 06 03 55 1D 25
+Comment = X.509 id-ce (2 5 29)
+Description = extKeyUsage (2 5 29 37)
+
+OID = 06 04 55 1D 25 00
+Comment = X.509 extended key usage
+Description = anyExtendedKeyUsage (2 5 29 37 0)
+
+OID = 06 03 55 1D 2E
+Comment = X.509 id-ce (2 5 29)
+Description = freshestCRL (2 5 29 46)
+
+OID = 06 03 55 1D 36
+Comment = X.509 id-ce (2 5 29)
+Description = inhibitAnyPolicy (2 5 29 54)
+
+# DMS
+
+OID = 06 09 60 86 48 01 65 02 01 01 01
+Comment = SDN.700 INFOSEC algorithms
+Description = sdnsSignatureAlgorithm (2 16 840 1 101 2 1 1 1)
+
+OID = 06 09 60 86 48 01 65 02 01 01 02
+Comment = SDN.700 INFOSEC algorithms. 
Formerly known as mosaicSignatureAlgorithm, this OID is better known as dsaWithSHA-1.
+Description = fortezzaSignatureAlgorithm (2 16 840 1 101 2 1 1 2)
+
+OID = 06 09 60 86 48 01 65 02 01 01 03
+Comment = SDN.700 INFOSEC algorithms
+Description = sdnsConfidentialityAlgorithm (2 16 840 1 101 2 1 1 3)
+
+OID = 06 09 60 86 48 01 65 02 01 01 04
+Comment = SDN.700 INFOSEC algorithms. Formerly known as mosaicConfidentialityAlgorithm
+Description = fortezzaConfidentialityAlgorithm (2 16 840 1 101 2 1 1 4)
+
+OID = 06 09 60 86 48 01 65 02 01 01 05
+Comment = SDN.700 INFOSEC algorithms
+Description = sdnsIntegrityAlgorithm (2 16 840 1 101 2 1 1 5)
+
+OID = 06 09 60 86 48 01 65 02 01 01 06
+Comment = SDN.700 INFOSEC algorithms. Formerly known as mosaicIntegrityAlgorithm
+Description = fortezzaIntegrityAlgorithm (2 16 840 1 101 2 1 1 6)
+
+OID = 06 09 60 86 48 01 65 02 01 01 07
+Comment = SDN.700 INFOSEC algorithms
+Description = sdnsTokenProtectionAlgorithm (2 16 840 1 101 2 1 1 7)
+
+OID = 06 09 60 86 48 01 65 02 01 01 08
+Comment = SDN.700 INFOSEC algorithms. Formerly know as mosaicTokenProtectionAlgorithm
+Description = fortezzaTokenProtectionAlgorithm (2 16 840 1 101 2 1 1 8)
+
+OID = 06 09 60 86 48 01 65 02 01 01 09
+Comment = SDN.700 INFOSEC algorithms
+Description = sdnsKeyManagementAlgorithm (2 16 840 1 101 2 1 1 9)
+
+OID = 06 09 60 86 48 01 65 02 01 01 0A
+Comment = SDN.700 INFOSEC algorithms. Formerly known as mosaicKeyManagementAlgorithm
+Description = fortezzaKeyManagementAlgorithm (2 16 840 1 101 2 1 1 10)
+
+OID = 06 09 60 86 48 01 65 02 01 01 0B
+Comment = SDN.700 INFOSEC algorithms
+Description = sdnsKMandSigAlgorithm (2 16 840 1 101 2 1 1 11)
+
+OID = 06 09 60 86 48 01 65 02 01 01 0C
+Comment = SDN.700 INFOSEC algorithms. 
Formerly known as mosaicKMandSigAlgorithm
+Description = fortezzaKMandSigAlgorithm (2 16 840 1 101 2 1 1 12)
+
+OID = 06 09 60 86 48 01 65 02 01 01 0D
+Comment = SDN.700 INFOSEC algorithms
+Description = suiteASignatureAlgorithm (2 16 840 1 101 2 1 1 13)
+
+OID = 06 09 60 86 48 01 65 02 01 01 0E
+Comment = SDN.700 INFOSEC algorithms
+Description = suiteAConfidentialityAlgorithm (2 16 840 1 101 2 1 1 14)
+
+OID = 06 09 60 86 48 01 65 02 01 01 0F
+Comment = SDN.700 INFOSEC algorithms
+Description = suiteAIntegrityAlgorithm (2 16 840 1 101 2 1 1 15)
+
+OID = 06 09 60 86 48 01 65 02 01 01 10
+Comment = SDN.700 INFOSEC algorithms
+Description = suiteATokenProtectionAlgorithm (2 16 840 1 101 2 1 1 16)
+
+OID = 06 09 60 86 48 01 65 02 01 01 11
+Comment = SDN.700 INFOSEC algorithms
+Description = suiteAKeyManagementAlgorithm (2 16 840 1 101 2 1 1 17)
+
+OID = 06 09 60 86 48 01 65 02 01 01 12
+Comment = SDN.700 INFOSEC algorithms
+Description = suiteAKMandSigAlgorithm (2 16 840 1 101 2 1 1 18)
+
+OID = 06 09 60 86 48 01 65 02 01 01 13
+Comment = SDN.700 INFOSEC algorithms. Formerly known as mosaicUpdatedSigAlgorithm
+Description = fortezzaUpdatedSigAlgorithm (2 16 840 1 101 2 1 1 19)
+
+OID = 06 09 60 86 48 01 65 02 01 01 14
+Comment = SDN.700 INFOSEC algorithms. Formerly known as mosaicKMandUpdSigAlgorithms
+Description = fortezzaKMandUpdSigAlgorithms (2 16 840 1 101 2 1 1 20)
+
+OID = 06 09 60 86 48 01 65 02 01 01 15
+Comment = SDN.700 INFOSEC algorithms. Formerly known as mosaicUpdatedIntegAlgorithm
+Description = fortezzaUpdatedIntegAlgorithm (2 16 840 1 101 2 1 1 21)
+
+OID = 06 09 60 86 48 01 65 02 01 01 16
+Comment = SDN.700 INFOSEC algorithms. 
Formerly known as mosaicKeyEncryptionAlgorithm
+Description = keyExchangeAlgorithm (2 16 840 1 101 2 1 1 22)
+
+OID = 06 09 60 86 48 01 65 02 01 01 17
+Comment = SDN.700 INFOSEC algorithms
+Description = fortezzaWrap80Algorithm (2 16 840 1 101 2 1 1 23)
+
+OID = 06 09 60 86 48 01 65 02 01 01 18
+Comment = SDN.700 INFOSEC algorithms
+Description = kEAKeyEncryptionAlgorithm (2 16 840 1 101 2 1 1 24)
+
+OID = 06 09 60 86 48 01 65 02 01 02 01
+Comment = SDN.700 INFOSEC format
+Description = rfc822MessageFormat (2 16 840 1 101 2 1 2 1)
+
+OID = 06 09 60 86 48 01 65 02 01 02 02
+Comment = SDN.700 INFOSEC format
+Description = emptyContent (2 16 840 1 101 2 1 2 2)
+
+OID = 06 09 60 86 48 01 65 02 01 02 03
+Comment = SDN.700 INFOSEC format
+Description = cspContentType (2 16 840 1 101 2 1 2 3)
+
+OID = 06 09 60 86 48 01 65 02 01 02 2A
+Comment = SDN.700 INFOSEC format
+Description = mspRev3ContentType (2 16 840 1 101 2 1 2 42)
+
+OID = 06 09 60 86 48 01 65 02 01 02 30
+Comment = SDN.700 INFOSEC format
+Description = mspContentType (2 16 840 1 101 2 1 2 48)
+
+OID = 06 09 60 86 48 01 65 02 01 02 31
+Comment = SDN.700 INFOSEC format
+Description = mspRekeyAgentProtocol (2 16 840 1 101 2 1 2 49)
+
+OID = 06 09 60 86 48 01 65 02 01 02 32
+Comment = SDN.700 INFOSEC format
+Description = mspMMP (2 16 840 1 101 2 1 2 50)
+
+OID = 06 09 60 86 48 01 65 02 01 02 42
+Comment = SDN.700 INFOSEC format
+Description = mspRev3-1ContentType (2 16 840 1 101 2 1 2 66)
+
+OID = 06 09 60 86 48 01 65 02 01 02 48
+Comment = SDN.700 INFOSEC format
+Description = forwardedMSPMessageBodyPart (2 16 840 1 101 2 1 2 72)
+
+OID = 06 09 60 86 48 01 65 02 01 02 49
+Comment = SDN.700 INFOSEC format
+Description = mspForwardedMessageParameters (2 16 840 1 101 2 1 2 73)
+
+OID = 06 09 60 86 48 01 65 02 01 02 50
+Comment = SDN.700 INFOSEC format
+Description = forwardedCSPMsgBodyPart (2 16 840 1 101 2 1 2 74)
+
+OID = 06 09 60 86 48 01 65 02 01 02 51
+Comment = SDN.700 INFOSEC format
+Description = 
cspForwardedMessageParameters (2 16 840 1 101 2 1 2 75)
+
+OID = 06 09 60 86 48 01 65 02 01 02 52
+Comment = SDN.700 INFOSEC format
+Description = mspMMP2 (2 16 840 1 101 2 1 2 76)
+
+OID = 06 09 60 86 48 01 65 02 01 03 01
+Comment = SDN.700 INFOSEC policy
+Description = sdnsSecurityPolicy (2 16 840 1 101 2 1 3 1)
+
+OID = 06 09 60 86 48 01 65 02 01 03 02
+Comment = SDN.700 INFOSEC policy
+Description = sdnsPRBAC (2 16 840 1 101 2 1 3 2)
+
+OID = 06 09 60 86 48 01 65 02 01 03 03
+Comment = SDN.700 INFOSEC policy
+Description = mosaicPRBAC (2 16 840 1 101 2 1 3 3)
+
+OID = 06 09 60 86 48 01 65 02 01 03 0A
+Comment = SDN.700 INFOSEC policy
+Description = siSecurityPolicy (2 16 840 1 101 2 1 3 10)
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0A 00
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = siNASP (2 16 840 1 101 2 1 3 10 0)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0A 01
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = siELCO (2 16 840 1 101 2 1 3 10 1)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0A 02
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = siTK (2 16 840 1 101 2 1 3 10 2)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0A 03
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = siDSAP (2 16 840 1 101 2 1 3 10 3)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0A 04
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = siSSSS (2 16 840 1 101 2 1 3 10 4)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0A 05
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = siDNASP (2 16 840 1 101 2 1 3 10 5)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0A 06
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = siBYEMAN (2 16 840 1 101 2 1 3 10 6)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0A 07
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = siREL-US (2 16 840 1 101 2 1 3 10 7)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0A 08
+Comment = SDN.700 INFOSEC policy (obsolete) 
+Description = siREL-AUS (2 16 840 1 101 2 1 3 10 8)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0A 09
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = siREL-CAN (2 16 840 1 101 2 1 3 10 9)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0A 0A
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = siREL_UK (2 16 840 1 101 2 1 3 10 10)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0A 0B
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = siREL-NZ (2 16 840 1 101 2 1 3 10 11)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0A 0C
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = siGeneric (2 16 840 1 101 2 1 3 10 12)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 03 0B
+Comment = SDN.700 INFOSEC policy
+Description = genser (2 16 840 1 101 2 1 3 11)
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0B 00
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = genserNations (2 16 840 1 101 2 1 3 11 0)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0B 01
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = genserComsec (2 16 840 1 101 2 1 3 11 1)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0B 02
+Comment = SDN.700 INFOSEC policy (obsolete)
+Description = genserAcquisition (2 16 840 1 101 2 1 3 11 2)
+Warning
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0B 03
+Comment = SDN.700 INFOSEC policy
+Description = genserSecurityCategories (2 16 840 1 101 2 1 3 11 3)
+
+OID = 06 0B 60 86 48 01 65 02 01 03 0B 03 00
+Comment = SDN.700 INFOSEC GENSER policy
+Description = genserTagSetName (2 16 840 1 101 2 1 3 11 3 0)
+
+OID = 06 09 60 86 48 01 65 02 01 03 0C
+Comment = SDN.700 INFOSEC policy
+Description = defaultSecurityPolicy (2 16 840 1 101 2 1 3 12)
+
+OID = 06 09 60 86 48 01 65 02 01 03 0D
+Comment = SDN.700 INFOSEC policy
+Description = capcoMarkings (2 16 840 1 101 2 1 3 13)
+
+OID = 06 0A 60 86 48 01 65 02 01 03 0D 00
+Comment = SDN.700 INFOSEC policy CAPCO markings
+Description = capcoSecurityCategories (2 16 840 1 101 2 1 3 13 0)
+
+OID = 06 0B 60 86 48 01 65 02 01 03 0D 00 01
+Comment = SDN.700 INFOSEC policy CAPCO markings
+Description = capcoTagSetName1 (2 16 840 1 101 2 1 3 13 0 1)
+
+OID = 06 0B 60 86 48 01 65 02 01 03 0D 00 02
+Comment = SDN.700 INFOSEC policy CAPCO markings
+Description = capcoTagSetName2 (2 16 840 1 101 2 1 3 13 0 2)
+
+OID = 06 0B 60 86 48 01 65 02 01 03 0D 00 03
+Comment = SDN.700 INFOSEC policy CAPCO markings
+Description = capcoTagSetName3 (2 16 840 1 101 2 1 3 13 0 3)
+
+OID = 06 0B 60 86 48 01 65 02 01 03 0D 00 04
+Comment = SDN.700 INFOSEC policy CAPCO markings
+Description = capcoTagSetName4 (2 16 840 1 101 2 1 3 13 0 4)
+
+OID = 06 09 60 86 48 01 65 02 01 05 01
+Comment = SDN.700 INFOSEC attributes (superseded)
+Description = sdnsKeyManagementCertificate (2 16 840 1 101 2 1 5 1)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 02
+Comment = SDN.700 INFOSEC attributes (superseded)
+Description = sdnsUserSignatureCertificate (2 16 840 1 101 2 1 5 2)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 03
+Comment = SDN.700 INFOSEC attributes (superseded)
+Description = sdnsKMandSigCertificate (2 16 840 1 101 2 1 5 3)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 04
+Comment = SDN.700 INFOSEC attributes (superseded)
+Description = fortezzaKeyManagementCertificate (2 16 840 1 101 2 1 5 4)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 05
+Comment = SDN.700 INFOSEC attributes (superseded)
+Description = fortezzaKMandSigCertificate (2 16 840 1 101 2 1 5 5)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 06
+Comment = SDN.700 INFOSEC attributes (superseded)
+Description = fortezzaUserSignatureCertificate (2 16 840 1 101 2 1 5 6)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 07
+Comment = SDN.700 INFOSEC attributes (superseded)
+Description = fortezzaCASignatureCertificate (2 16 840 1 101 2 1 5 7)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 08
+Comment = SDN.700 INFOSEC attributes (superseded)
+Description = sdnsCASignatureCertificate (2 16 840 1 101 2 1 5 8) 
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 0A
+Comment = SDN.700 INFOSEC attributes (superseded)
+Description = auxiliaryVector (2 16 840 1 101 2 1 5 10)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 0B
+Comment = SDN.700 INFOSEC attributes
+Description = mlReceiptPolicy (2 16 840 1 101 2 1 5 11)
+
+OID = 06 09 60 86 48 01 65 02 01 05 0C
+Comment = SDN.700 INFOSEC attributes
+Description = mlMembership (2 16 840 1 101 2 1 5 12)
+
+OID = 06 09 60 86 48 01 65 02 01 05 0D
+Comment = SDN.700 INFOSEC attributes
+Description = mlAdministrators (2 16 840 1 101 2 1 5 13)
+
+OID = 06 09 60 86 48 01 65 02 01 05 0E
+Comment = SDN.700 INFOSEC attributes
+Description = alid (2 16 840 1 101 2 1 5 14)
+
+OID = 06 09 60 86 48 01 65 02 01 05 14
+Comment = SDN.700 INFOSEC attributes
+Description = janUKMs (2 16 840 1 101 2 1 5 20)
+
+OID = 06 09 60 86 48 01 65 02 01 05 15
+Comment = SDN.700 INFOSEC attributes
+Description = febUKMs (2 16 840 1 101 2 1 5 21)
+
+OID = 06 09 60 86 48 01 65 02 01 05 16
+Comment = SDN.700 INFOSEC attributes
+Description = marUKMs (2 16 840 1 101 2 1 5 22)
+
+OID = 06 09 60 86 48 01 65 02 01 05 17
+Comment = SDN.700 INFOSEC attributes
+Description = aprUKMs (2 16 840 1 101 2 1 5 23)
+
+OID = 06 09 60 86 48 01 65 02 01 05 18
+Comment = SDN.700 INFOSEC attributes
+Description = mayUKMs (2 16 840 1 101 2 1 5 24)
+
+OID = 06 09 60 86 48 01 65 02 01 05 19
+Comment = SDN.700 INFOSEC attributes
+Description = junUKMs (2 16 840 1 101 2 1 5 25)
+
+OID = 06 09 60 86 48 01 65 02 01 05 1A
+Comment = SDN.700 INFOSEC attributes
+Description = julUKMs (2 16 840 1 101 2 1 5 26)
+
+OID = 06 09 60 86 48 01 65 02 01 05 1B
+Comment = SDN.700 INFOSEC attributes
+Description = augUKMs (2 16 840 1 101 2 1 5 27)
+
+OID = 06 09 60 86 48 01 65 02 01 05 1C
+Comment = SDN.700 INFOSEC attributes
+Description = sepUKMs (2 16 840 1 101 2 1 5 28)
+
+OID = 06 09 60 86 48 01 65 02 01 05 1D
+Comment = SDN.700 INFOSEC attributes
+Description = octUKMs (2 16 840 1 101 2 1 5 29)
+
+OID 
= 06 09 60 86 48 01 65 02 01 05 1E
+Comment = SDN.700 INFOSEC attributes
+Description = novUKMs (2 16 840 1 101 2 1 5 30)
+
+OID = 06 09 60 86 48 01 65 02 01 05 1F
+Comment = SDN.700 INFOSEC attributes
+Description = decUKMs (2 16 840 1 101 2 1 5 31)
+
+OID = 06 09 60 86 48 01 65 02 01 05 28
+Comment = SDN.700 INFOSEC attributes
+Description = metaSDNSckl (2 16 840 1 101 2 1 5 40)
+
+OID = 06 09 60 86 48 01 65 02 01 05 29
+Comment = SDN.700 INFOSEC attributes
+Description = sdnsCKL (2 16 840 1 101 2 1 5 41)
+
+OID = 06 09 60 86 48 01 65 02 01 05 2A
+Comment = SDN.700 INFOSEC attributes
+Description = metaSDNSsignatureCKL (2 16 840 1 101 2 1 5 42)
+
+OID = 06 09 60 86 48 01 65 02 01 05 2B
+Comment = SDN.700 INFOSEC attributes
+Description = sdnsSignatureCKL (2 16 840 1 101 2 1 5 43)
+
+OID = 06 09 60 86 48 01 65 02 01 05 2C
+Comment = SDN.700 INFOSEC attributes
+Description = sdnsCertificateRevocationList (2 16 840 1 101 2 1 5 44)
+
+OID = 06 09 60 86 48 01 65 02 01 05 2D
+Comment = SDN.700 INFOSEC attributes (superseded)
+Description = fortezzaCertificateRevocationList (2 16 840 1 101 2 1 5 45)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 2E
+Comment = SDN.700 INFOSEC attributes
+Description = fortezzaCKL (2 16 840 1 101 2 1 5 46)
+
+OID = 06 09 60 86 48 01 65 02 01 05 2F
+Comment = SDN.700 INFOSEC attributes
+Description = alExemptedAddressProcessor (2 16 840 1 101 2 1 5 47)
+
+OID = 06 09 60 86 48 01 65 02 01 05 30
+Comment = SDN.700 INFOSEC attributes (obsolete)
+Description = guard (2 16 840 1 101 2 1 5 48)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 31
+Comment = SDN.700 INFOSEC attributes (obsolete)
+Description = algorithmsSupported (2 16 840 1 101 2 1 5 49)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 32
+Comment = SDN.700 INFOSEC attributes (obsolete)
+Description = suiteAKeyManagementCertificate (2 16 840 1 101 2 1 5 50)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 33
+Comment = SDN.700 INFOSEC attributes (obsolete)
+Description = 
suiteAKMandSigCertificate (2 16 840 1 101 2 1 5 51)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 34
+Comment = SDN.700 INFOSEC attributes (obsolete)
+Description = suiteAUserSignatureCertificate (2 16 840 1 101 2 1 5 52)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 35
+Comment = SDN.700 INFOSEC attributes
+Description = prbacInfo (2 16 840 1 101 2 1 5 53)
+
+OID = 06 09 60 86 48 01 65 02 01 05 36
+Comment = SDN.700 INFOSEC attributes
+Description = prbacCAConstraints (2 16 840 1 101 2 1 5 54)
+
+OID = 06 09 60 86 48 01 65 02 01 05 37
+Comment = SDN.700 INFOSEC attributes
+Description = sigOrKMPrivileges (2 16 840 1 101 2 1 5 55)
+
+OID = 06 09 60 86 48 01 65 02 01 05 38
+Comment = SDN.700 INFOSEC attributes
+Description = commPrivileges (2 16 840 1 101 2 1 5 56)
+
+OID = 06 09 60 86 48 01 65 02 01 05 39
+Comment = SDN.700 INFOSEC attributes
+Description = labeledAttribute (2 16 840 1 101 2 1 5 57)
+
+OID = 06 09 60 86 48 01 65 02 01 05 3A
+Comment = SDN.700 INFOSEC attributes (obsolete)
+Description = policyInformationFile (2 16 840 1 101 2 1 5 58)
+Warning
+
+OID = 06 09 60 86 48 01 65 02 01 05 3B
+Comment = SDN.700 INFOSEC attributes
+Description = secPolicyInformationFile (2 16 840 1 101 2 1 5 59)
+
+OID = 06 09 60 86 48 01 65 02 01 05 3C
+Comment = SDN.700 INFOSEC attributes
+Description = cAClearanceConstraint (2 16 840 1 101 2 1 5 60)
+
+OID = 06 09 60 86 48 01 65 02 01 07 01
+Comment = SDN.700 INFOSEC extensions
+Description = cspExtns (2 16 840 1 101 2 1 7 1)
+
+OID = 06 0A 60 86 48 01 65 02 01 07 01 00
+Comment = SDN.700 INFOSEC extensions
+Description = cspCsExtn (2 16 840 1 101 2 1 7 1 0)
+
+OID = 06 09 60 86 48 01 65 02 01 08 01
+Comment = SDN.700 INFOSEC security category
+Description = mISSISecurityCategories (2 16 840 1 101 2 1 8 1)
+
+OID = 06 09 60 86 48 01 65 02 01 08 02
+Comment = SDN.700 INFOSEC security category
+Description = standardSecurityLabelPrivileges (2 16 840 1 101 2 1 8 2)
+
+OID = 06 09 60 86 48 01 65 02 01 0A 01
+Comment = 
SDN.700 INFOSEC privileges
+Description = sigPrivileges (2 16 840 1 101 2 1 10 1)
+
+OID = 06 09 60 86 48 01 65 02 01 0A 02
+Comment = SDN.700 INFOSEC privileges
+Description = kmPrivileges (2 16 840 1 101 2 1 10 2)
+
+OID = 06 09 60 86 48 01 65 02 01 0A 03
+Comment = SDN.700 INFOSEC privileges
+Description = namedTagSetPrivilege (2 16 840 1 101 2 1 10 3)
+
+OID = 06 09 60 86 48 01 65 02 01 0B 01
+Comment = SDN.700 INFOSEC certificate policy
+Description = ukDemo (2 16 840 1 101 2 1 11 1)
+
+OID = 06 09 60 86 48 01 65 02 01 0B 02
+Comment = SDN.700 INFOSEC certificate policy
+Description = usDODClass2 (2 16 840 1 101 2 1 11 2)
+
+OID = 06 09 60 86 48 01 65 02 01 0B 03
+Comment = SDN.700 INFOSEC certificate policy
+Description = usMediumPilot (2 16 840 1 101 2 1 11 3)
+
+OID = 06 09 60 86 48 01 65 02 01 0B 04
+Comment = SDN.700 INFOSEC certificate policy
+Description = usDODClass4 (2 16 840 1 101 2 1 11 4)
+
+OID = 06 09 60 86 48 01 65 02 01 0B 05
+Comment = SDN.700 INFOSEC certificate policy
+Description = usDODClass3 (2 16 840 1 101 2 1 11 5)
+
+OID = 06 09 60 86 48 01 65 02 01 0B 06
+Comment = SDN.700 INFOSEC certificate policy
+Description = usDODClass5 (2 16 840 1 101 2 1 11 6)
+
+OID = 06 09 60 86 48 01 65 02 01 0C 00
+Comment = SDN.700 INFOSEC test objects
+Description = testSecurityPolicy (2 16 840 1 101 2 1 12 0)
+
+OID = 06 0A 60 86 48 01 65 02 01 0C 00 01
+Comment = SDN.700 INFOSEC test objects
+Description = tsp1 (2 16 840 1 101 2 1 12 0 1)
+
+OID = 06 0B 60 86 48 01 65 02 01 0C 00 01 00
+Comment = SDN.700 INFOSEC test objects
+Description = tsp1SecurityCategories (2 16 840 1 101 2 1 12 0 1 0)
+
+OID = 06 0B 60 86 48 01 65 02 01 0C 00 01 00 00
+Comment = SDN.700 INFOSEC test objects
+Description = tsp1TagSetZero (2 16 840 1 101 2 1 12 0 1 0 0)
+
+OID = 06 0B 60 86 48 01 65 02 01 0C 00 01 00 01
+Comment = SDN.700 INFOSEC test objects
+Description = tsp1TagSetOne (2 16 840 1 101 2 1 12 0 1 0 1)
+
+OID = 06 0B 60 86 48 01 65 02 01 0C 00 01 00 02
+Comment = 
SDN.700 INFOSEC test objects
+Description = tsp1TagSetTwo (2 16 840 1 101 2 1 12 0 1 0 2)
+
+OID = 06 0A 60 86 48 01 65 02 01 0C 00 02
+Comment = SDN.700 INFOSEC test objects
+Description = tsp2 (2 16 840 1 101 2 1 12 0 2)
+
+OID = 06 0B 60 86 48 01 65 02 01 0C 00 02 00
+Comment = SDN.700 INFOSEC test objects
+Description = tsp2SecurityCategories (2 16 840 1 101 2 1 12 0 2 0)
+
+OID = 06 0B 60 86 48 01 65 02 01 0C 00 02 00 00
+Comment = SDN.700 INFOSEC test objects
+Description = tsp2TagSetZero (2 16 840 1 101 2 1 12 0 2 0 0)
+
+OID = 06 0B 60 86 48 01 65 02 01 0C 00 02 00 01
+Comment = SDN.700 INFOSEC test objects
+Description = tsp2TagSetOne (2 16 840 1 101 2 1 12 0 2 0 1)
+
+OID = 06 0B 60 86 48 01 65 02 01 0C 00 02 00 02
+Comment = SDN.700 INFOSEC test objects
+Description = tsp2TagSetTwo (2 16 840 1 101 2 1 12 0 2 0 2)
+
+# At least someone there has a sense of humour :-)
+OID = 06 0A 60 86 48 01 65 02 01 0C 00 03
+Comment = SDN.700 INFOSEC test objects
+Description = kafka (2 16 840 1 101 2 1 12 0 3)
+
+OID = 06 0B 60 86 48 01 65 02 01 0C 00 03 00
+Comment = SDN.700 INFOSEC test objects
+Description = kafkaSecurityCategories (2 16 840 1 101 2 1 12 0 3 0)
+
+OID = 06 0B 60 86 48 01 65 02 01 0C 00 03 00 01
+Comment = SDN.700 INFOSEC test objects
+Description = kafkaTagSetName1 (2 16 840 1 101 2 1 12 0 3 0 1)
+
+OID = 06 0B 60 86 48 01 65 02 01 0C 00 03 00 02
+Comment = SDN.700 INFOSEC test objects
+Description = kafkaTagSetName2 (2 16 840 1 101 2 1 12 0 3 0 2)
+
+OID = 06 0B 60 86 48 01 65 02 01 0C 00 03 00 03
+Comment = SDN.700 INFOSEC test objects
+Description = kafkaTagSetName3 (2 16 840 1 101 2 1 12 0 3 0 3)
+
+OID = 06 0A 60 86 48 01 65 02 01 0C 01 01
+Comment = SDN.700 INFOSEC test objects
+Description = tcp1 (2 16 840 1 101 2 1 12 1 1)
+
+# CSOR GAK-FIPS
+
+OID = 06 07 60 86 48 01 65 03 01
+Comment = CSOR GAK
+Description = slabel (2 16 840 1 101 3 1)
+Warning
+
+OID = 06 07 60 86 48 01 65 03 02
+Comment = CSOR GAK
+Description = pki (2 16 840 1 101 3 2) 
+Warning
+
+OID = 06 08 60 86 48 01 65 03 02 01
+Comment = CSOR GAK policy
+Description = GAK policyIdentifier (2 16 840 1 101 3 2 1)
+Warning
+
+OID = 06 0A 60 86 48 01 65 03 02 01 03 01
+Comment = Federal Bridge CA Policy
+Description = FBCA-Rudimentary policyIdentifier (2 16 840 1 101 3 2 1 3 1)
+
+OID = 06 0A 60 86 48 01 65 03 02 01 03 02
+Comment = Federal Bridge CA Policy
+Description = FBCA-Basic policyIdentifier (2 16 840 1 101 3 2 1 3 2)
+
+OID = 06 0A 60 86 48 01 65 03 02 01 03 03
+Comment = Federal Bridge CA Policy
+Description = FBCA-Medium policyIdentifier (2 16 840 1 101 3 2 1 3 3)
+
+OID = 06 0A 60 86 48 01 65 03 02 01 03 04
+Comment = Federal Bridge CA Policy
+Description = FBCA-High policyIdentifier (2 16 840 1 101 3 2 1 3 4)
+
+OID = 06 08 60 86 48 01 65 03 02 02
+Comment = CSOR GAK extended key usage
+Description = GAK (2 16 840 1 101 3 2 2)
+Warning
+
+OID = 06 09 60 86 48 01 65 03 02 02 01
+Comment = CSOR GAK extended key usage
+Description = kRAKey (2 16 840 1 101 3 2 2 1)
+Warning
+
+OID = 06 08 60 86 48 01 65 03 02 03
+Comment = CSOR GAK extensions
+Description = extensions (2 16 840 1 101 3 2 3)
+Warning
+
+OID = 06 09 60 86 48 01 65 03 02 03 01
+Comment = CSOR GAK extensions
+Description = kRTechnique (2 16 840 1 101 3 2 3 1)
+Warning
+
+OID = 06 09 60 86 48 01 65 03 02 03 02
+Comment = CSOR GAK extensions
+Description = kRecoveryCapable (2 16 840 1 101 3 2 3 2)
+Warning
+
+OID = 06 09 60 86 48 01 65 03 02 03 03
+Comment = CSOR GAK extensions
+Description = kR (2 16 840 1 101 3 2 3 3)
+Warning
+
+OID = 06 08 60 86 48 01 65 03 02 04
+Comment = CSOR GAK
+Description = keyrecoveryschemes (2 16 840 1 101 3 2 4)
+Warning
+
+OID = 06 08 60 86 48 01 65 03 02 05
+Comment = CSOR GAK
+Description = krapola (2 16 840 1 101 3 2 5)
+Warning
+
+OID = 06 07 60 86 48 01 65 03 03
+Comment = CSOR GAK
+Description = arpa (2 16 840 1 101 3 3)
+Warning
+
+# CSOR (NIST) Algorithms
+
+OID = 06 07 60 86 48 01 65 03 04
+Comment = NIST Algorithm
+Description = 
nistAlgorithm (2 16 840 1 101 3 4)
+
+OID = 06 08 60 86 48 01 65 03 04 01
+Comment = NIST Algorithm
+Description = aes (2 16 840 1 101 3 4 1)
+
+OID = 06 09 60 86 48 01 65 03 04 01 01
+Comment = NIST Algorithm
+Description = aes128-ECB (2 16 840 1 101 3 4 1 1)
+
+OID = 06 09 60 86 48 01 65 03 04 01 02
+Comment = NIST Algorithm
+Description = aes128-CBC (2 16 840 1 101 3 4 1 2)
+
+OID = 06 09 60 86 48 01 65 03 04 01 03
+Comment = NIST Algorithm
+Description = aes128-OFB (2 16 840 1 101 3 4 1 3)
+
+OID = 06 09 60 86 48 01 65 03 04 01 04
+Comment = NIST Algorithm
+Description = aes128-CFB (2 16 840 1 101 3 4 1 4)
+
+OID = 06 09 60 86 48 01 65 03 04 01 15
+Comment = NIST Algorithm
+Description = aes192-ECB (2 16 840 1 101 3 4 1 21)
+
+OID = 06 09 60 86 48 01 65 03 04 01 16
+Comment = NIST Algorithm
+Description = aes192-CBC (2 16 840 1 101 3 4 1 22)
+
+OID = 06 09 60 86 48 01 65 03 04 01 17
+Comment = NIST Algorithm
+Description = aes192-OFB (2 16 840 1 101 3 4 1 23)
+
+OID = 06 09 60 86 48 01 65 03 04 01 18
+Comment = NIST Algorithm
+Description = aes192-CFB (2 16 840 1 101 3 4 1 24)
+
+OID = 06 09 60 86 48 01 65 03 04 01 29
+Comment = NIST Algorithm
+Description = aes256-ECB (2 16 840 1 101 3 4 1 41)
+
+OID = 06 09 60 86 48 01 65 03 04 01 2A
+Comment = NIST Algorithm
+Description = aes256-CBC (2 16 840 1 101 3 4 1 42)
+
+OID = 06 09 60 86 48 01 65 03 04 01 2B
+Comment = NIST Algorithm
+Description = aes256-OFB (2 16 840 1 101 3 4 1 43)
+
+OID = 06 09 60 86 48 01 65 03 04 01 2C
+Comment = NIST Algorithm
+Description = aes256-CFB (2 16 840 1 101 3 4 1 44)
+
+OID = 06 08 60 86 48 01 65 03 04 02
+Comment = NIST Algorithm
+Description = hashAlgos (2 16 840 1 101 3 4 2)
+
+OID = 06 09 60 86 48 01 65 03 04 02 01
+Comment = NIST Algorithm
+Description = sha-256 (2 16 840 1 101 3 4 2 1)
+
+OID = 06 09 60 86 48 01 65 03 04 02 02
+Comment = NIST Algorithm
+Description = sha-384 (2 16 840 1 101 3 4 2 2)
+
+OID = 06 09 60 86 48 01 65 03 04 02 03
+Comment = NIST Algorithm 
+Description = sha-512 (2 16 840 1 101 3 4 2 3)
+
+# Novell
+
+OID = 06 0A 60 86 48 01 86 F8 37 01 02 08
+Comment = Novell
+Description = novellAlgorithm (2 16 840 1 113719 1 2 8)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 16
+Comment = Novell encryption algorithm
+Description = desCbcIV8 (2 16 840 1 113719 1 2 8 22)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 17
+Comment = Novell encryption algorithm
+Description = desCbcPadIV8 (2 16 840 1 113719 1 2 8 23)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 18
+Comment = Novell encryption algorithm
+Description = desEDE2CbcIV8 (2 16 840 1 113719 1 2 8 24)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 19
+Comment = Novell encryption algorithm
+Description = desEDE2CbcPadIV8 (2 16 840 1 113719 1 2 8 25)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 1A
+Comment = Novell encryption algorithm
+Description = desEDE3CbcIV8 (2 16 840 1 113719 1 2 8 26)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 1B
+Comment = Novell encryption algorithm
+Description = desEDE3CbcPadIV8 (2 16 840 1 113719 1 2 8 27)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 1C
+Comment = Novell encryption algorithm
+Description = rc5CbcPad (2 16 840 1 113719 1 2 8 28)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 1D
+Comment = Novell signature algorithm
+Description = md2WithRSAEncryptionBSafe1 (2 16 840 1 113719 1 2 8 29)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 1E
+Comment = Novell signature algorithm
+Description = md5WithRSAEncryptionBSafe1 (2 16 840 1 113719 1 2 8 30)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 1F
+Comment = Novell signature algorithm
+Description = sha1WithRSAEncryptionBSafe1 (2 16 840 1 113719 1 2 8 31)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 20
+Comment = Novell digest algorithm
+Description = LMDigest (2 16 840 1 113719 1 2 8 32)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 28
+Comment = Novell digest algorithm
+Description = MD2 (2 16 840 1 113719 1 2 8 40)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 32
+Comment = Novell 
digest algorithm
+Description = MD5 (2 16 840 1 113719 1 2 8 50)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 33
+Comment = Novell signature algorithm
+Description = IKEhmacWithSHA1-RSA (2 16 840 1 113719 1 2 8 51)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 34
+Comment = Novell signature algorithm
+Description = IKEhmacWithMD5-RSA (2 16 840 1 113719 1 2 8 52)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 45
+Comment = Novell encryption algorithm
+Description = rc2CbcPad (2 16 840 1 113719 1 2 8 69)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 52
+Comment = Novell digest algorithm
+Description = SHA-1 (2 16 840 1 113719 1 2 8 82)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 5C
+Comment = Novell encryption algorithm
+Description = rc2BSafe1Cbc (2 16 840 1 113719 1 2 8 92)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 5F
+Comment = Novell digest algorithm
+Description = MD4 (2 16 840 1 113719 1 2 8 95)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 81 02
+Comment = Novell keyed hash
+Description = MD4Packet (2 16 840 1 113719 1 2 8 130)
+
+OID = 06 0C 60 86 48 01 86 F8 37 01 02 08 81 03
+Comment = Novell encryption algorithm
+Description = rsaEncryptionBsafe1 (2 16 840 1 113719 1 2 8 131)
+
+OID = 06 0C 60 86 48 01 86 F8 37 01 02 08 81 04
+Comment = Novell encryption algorithm
+Description = NWPassword (2 16 840 1 113719 1 2 8 132)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 81 05
+Comment = Novell encryption algorithm
+Description = novellObfuscate-1 (2 16 840 1 113719 1 2 8 133)
+
+OID = 06 09 60 86 48 01 86 F8 37 01 09
+Comment = Novell
+Description = pki (2 16 840 1 113719 1 9)
+
+OID = 06 0A 60 86 48 01 86 F8 37 01 09 04
+Comment = Novell PKI
+Description = pkiAttributeType (2 16 840 1 113719 1 9 4)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 09 04 01
+Comment = Novell PKI attribute type
+Description = securityAttributes (2 16 840 1 113719 1 9 4 1)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 09 04 02
+Comment = Novell PKI attribute type
+Description = relianceLimit (2 16 
840 1 113719 1 9 4 2)
+
+# Netscape
+
+OID = 06 08 60 86 48 01 86 F8 42 01
+Comment = Netscape
+Description = cert-extension (2 16 840 1 113730 1)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 01
+Comment = Netscape certificate extension
+Description = netscape-cert-type (2 16 840 1 113730 1 1)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 02
+Comment = Netscape certificate extension
+Description = netscape-base-url (2 16 840 1 113730 1 2)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 03
+Comment = Netscape certificate extension
+Description = netscape-revocation-url (2 16 840 1 113730 1 3)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 04
+Comment = Netscape certificate extension
+Description = netscape-ca-revocation-url (2 16 840 1 113730 1 4)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 07
+Comment = Netscape certificate extension
+Description = netscape-cert-renewal-url (2 16 840 1 113730 1 7)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 08
+Comment = Netscape certificate extension
+Description = netscape-ca-policy-url (2 16 840 1 113730 1 8)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 09
+Comment = Netscape certificate extension
+Description = HomePage-url (2 16 840 1 113730 1 9)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 0A
+Comment = Netscape certificate extension
+Description = EntityLogo (2 16 840 1 113730 1 10)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 0B
+Comment = Netscape certificate extension
+Description = UserPicture (2 16 840 1 113730 1 11)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 0C
+Comment = Netscape certificate extension
+Description = netscape-ssl-server-name (2 16 840 1 113730 1 12)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 0D
+Comment = Netscape certificate extension
+Description = netscape-comment (2 16 840 1 113730 1 13)
+
+OID = 06 08 60 86 48 01 86 F8 42 02
+Comment = Netscape
+Description = data-type (2 16 840 1 113730 2)
+
+OID = 06 09 60 86 48 01 86 F8 42 02 01
+Comment = Netscape data type
+Description = dataGIF (2 16 840 1 113730 2 1)
+
+OID = 06 09 60 86 48 01 86 F8 42 02 02
+Comment = 
Netscape data type +Description = dataJPEG (2 16 840 1 113730 2 2) + +OID = 06 09 60 86 48 01 86 F8 42 02 03 +Comment = Netscape data type +Description = dataURL (2 16 840 1 113730 2 3) + +OID = 06 09 60 86 48 01 86 F8 42 02 04 +Comment = Netscape data type +Description = dataHTML (2 16 840 1 113730 2 4) + +OID = 06 09 60 86 48 01 86 F8 42 02 05 +Comment = Netscape data type +Description = certSequence (2 16 840 1 113730 2 5) + +OID = 06 09 60 86 48 01 86 F8 42 02 06 +Comment = Netscape certificate extension +Description = certURL (2 16 840 1 113730 2 6) + +OID = 06 08 60 86 48 01 86 F8 42 03 +Comment = Netscape +Description = directory (2 16 840 1 113730 3) + +OID = 06 09 60 86 48 01 86 F8 42 03 01 +Comment = Netscape directory +Description = ldapDefinitions (2 16 840 1 113730 3 1) + +OID = 06 0A 60 86 48 01 86 F8 42 03 01 01 +Comment = Netscape LDAP definitions +Description = carLicense (2 16 840 1 113730 3 1 1) + +OID = 06 0A 60 86 48 01 86 F8 42 03 01 02 +Comment = Netscape LDAP definitions +Description = departmentNumber (2 16 840 1 113730 3 1 2) + +OID = 06 0A 60 86 48 01 86 F8 42 03 01 03 +Comment = Netscape LDAP definitions +Description = employeeNumber (2 16 840 1 113730 3 1 3) + +OID = 06 0A 60 86 48 01 86 F8 42 03 01 04 +Comment = Netscape LDAP definitions +Description = employeeType (2 16 840 1 113730 3 1 4) + +OID = 06 0A 60 86 48 01 86 F8 42 03 02 02 +Comment = Netscape LDAP definitions +Description = inetOrgPerson (2 16 840 1 113730 3 2 2) + +OID = 06 09 60 86 48 01 86 F8 42 04 01 +Comment = Netscape +Description = serverGatedCrypto (2 16 840 1 113730 4 1) + +# Verisign + +# Country, zip, date of birth (age), and gender of cert owner (CZAG) in +# obfuscated form +OID = 06 0A 60 86 48 01 86 F8 45 01 06 03 +Comment = Verisign extension +Description = verisignCZAG (2 16 840 1 113733 1 6 3) + +# Text string used in certs issued to Netscape InBox customers +OID = 06 0A 60 86 48 01 86 F8 45 01 06 06 +Comment = Verisign extension +Description = 
verisignInBox (2 16 840 1 113733 1 6 6) + +OID = 06 0A 60 86 48 01 86 F8 45 01 06 0B +Comment = Verisign extension +Description = Unknown Verisign VPN extension (2 16 840 1 113733 1 6 11) + +OID = 06 0A 60 86 48 01 86 F8 45 01 06 0D +Comment = Verisign extension +Description = Unknown Verisign VPN extension (2 16 840 1 113733 1 6 13) + +# Contains DUN, among other things +OID = 06 0A 60 86 48 01 86 F8 45 01 06 0F +Comment = Verisign extension +Description = Verisign serverID (2 16 840 1 113733 1 6 15) + +OID = 06 0B 60 86 48 01 86 F8 45 01 07 01 01 +Comment = Verisign policy +Description = Verisign policyIdentifier (2 16 840 1 113733 1 7 1 1) + +OID = 06 0C 60 86 48 01 86 F8 45 01 07 01 01 01 +Comment = Verisign policy (obsolete) +Description = verisignCPSv1notice (2 16 840 1 113733 1 7 1 1 1) + +# DN contains non-verified subscriber information +OID = 06 0C 60 86 48 01 86 F8 45 01 07 01 01 02 +Comment = Verisign policy (obsolete) +Description = verisignCPSv1nsi (2 16 840 1 113733 1 7 1 1 2) + +OID = 06 0A 60 86 48 01 86 F8 45 01 08 01 +Comment = Verisign +Description = Verisign SGC CA? 
(2 16 840 1 113733 1 8 1) + +# SCEP + +OID = 06 08 60 86 48 01 86 F8 45 01 +Comment = Verisign extension +Description = pki (2 16 840 1 113733 1) + +OID = 06 09 60 86 48 01 86 F8 45 01 09 +Comment = Verisign PKI extension +Description = pkcs7Attribute (2 16 840 1 113733 1 9) + +OID = 06 0A 60 86 48 01 86 F8 45 01 09 02 +Comment = Verisign PKCS #7 attribute +Description = messageType (2 16 840 1 113733 1 9 2) + +OID = 06 0A 60 86 48 01 86 F8 45 01 09 03 +Comment = Verisign PKCS #7 attribute +Description = pkiStatus (2 16 840 1 113733 1 9 3) + +OID = 06 0A 60 86 48 01 86 F8 45 01 09 04 +Comment = Verisign PKCS #7 attribute +Description = failInfo (2 16 840 1 113733 1 9 4) + +OID = 06 0A 60 86 48 01 86 F8 45 01 09 05 +Comment = Verisign PKCS #7 attribute +Description = senderNonce (2 16 840 1 113733 1 9 5) + +OID = 06 0A 60 86 48 01 86 F8 45 01 09 06 +Comment = Verisign PKCS #7 attribute +Description = recipientNonce (2 16 840 1 113733 1 9 6) + +OID = 06 0A 60 86 48 01 86 F8 45 01 09 07 +Comment = Verisign PKCS #7 attribute +Description = transID (2 16 840 1 113733 1 9 7) + +# Supposedly the attribute for X.509v3 extensions in PKCS #10 requests, +# but everyone seems to use the RSA OID instead +OID = 06 0A 60 86 48 01 86 F8 45 01 09 08 +Comment = Verisign PKCS #7 attribute. 
Use PKCS #9 extensionRequest instead +Description = extensionReq (2 16 840 1 113733 1 9 8) +Warning + +# SET + +OID = 06 03 67 2A 00 +Comment = SET +Description = contentType (2 23 42 0) + +OID = 06 04 67 2A 00 00 +Comment = SET contentType +Description = PANData (2 23 42 0 0) + +OID = 06 04 67 2A 00 01 +Comment = SET contentType +Description = PANToken (2 23 42 0 1) + +OID = 06 04 67 2A 00 02 +Comment = SET contentType +Description = PANOnly (2 23 42 0 2) + +# And on and on and on for another 80-odd OIDs that I'm not going to type in + +OID = 06 03 67 2A 01 +Comment = SET +Description = msgExt (2 23 42 1) + +OID = 06 03 67 2A 02 +Comment = SET +Description = field (2 23 42 2) + +OID = 06 04 67 2A 02 00 +Comment = SET field +Description = fullName (2 23 42 2 0) + +OID = 06 04 67 2A 02 01 +Comment = SET field +Description = givenName (2 23 42 2 1) + +OID = 06 04 67 2A 02 02 +Comment = SET field +Description = familyName (2 23 42 2 2) + +OID = 06 04 67 2A 02 03 +Comment = SET field +Description = birthFamilyName (2 23 42 2 3) + +OID = 06 04 67 2A 02 04 +Comment = SET field +Description = placeName (2 23 42 2 4) + +OID = 06 04 67 2A 02 05 +Comment = SET field +Description = identificationNumber (2 23 42 2 5) + +OID = 06 04 67 2A 02 06 +Comment = SET field +Description = month (2 23 42 2 6) + +OID = 06 04 67 2A 02 07 +Comment = SET field +Description = date (2 23 42 2 7) + +OID = 06 04 67 2A 02 08 +Comment = SET field +Description = address (2 23 42 2 8) + +OID = 06 04 67 2A 02 09 +Comment = SET field +Description = telephone (2 23 42 2 9) + +OID = 06 04 67 2A 02 0A +Comment = SET field +Description = amount (2 23 42 2 10) + +OID = 06 04 67 2A 02 0B +Comment = SET field +Description = accountNumber (2 23 42 2 7 11) + +OID = 06 04 67 2A 02 0C +Comment = SET field +Description = passPhrase (2 23 42 2 7 12) + +OID = 06 03 67 2A 03 +Comment = SET +Description = attribute (2 23 42 3) + +OID = 06 04 67 2A 03 00 +Comment = SET attribute +Description = cert (2 23 42 3 0) + 
+OID = 06 05 67 2A 03 00 00 +Comment = SET cert attribute +Description = rootKeyThumb (2 23 42 3 0 0) + +OID = 06 05 67 2A 03 00 01 +Comment = SET cert attribute +Description = additionalPolicy (2 23 42 3 0 1) + +OID = 06 03 67 2A 04 +Comment = SET +Description = algorithm (2 23 42 4) + +OID = 06 03 67 2A 05 +Comment = SET +Description = policy (2 23 42 5) + +OID = 06 04 67 2A 05 00 +Comment = SET policy +Description = root (2 23 42 5 0) + +OID = 06 03 67 2A 06 +Comment = SET +Description = module (2 23 42 6) + +OID = 06 03 67 2A 07 +Comment = SET +Description = certExt (2 23 42 7) + +OID = 06 04 67 2A 07 00 +Comment = SET cert extension +Description = hashedRootKey (2 23 42 7 0) + +OID = 06 04 67 2A 07 01 +Comment = SET cert extension +Description = certificateType (2 23 42 7 1) + +OID = 06 04 67 2A 07 02 +Comment = SET cert extension +Description = merchantData (2 23 42 7 2) + +OID = 06 04 67 2A 07 03 +Comment = SET cert extension +Description = cardCertRequired (2 23 42 7 3) + +OID = 06 04 67 2A 07 04 +Comment = SET cert extension +Description = tunneling (2 23 42 7 4) + +OID = 06 04 67 2A 07 05 +Comment = SET cert extension +Description = setExtensions (2 23 42 7 5) + +OID = 06 04 67 2A 07 06 +Comment = SET cert extension +Description = setQualifier (2 23 42 7 6) + +OID = 06 03 67 2A 08 +Comment = SET +Description = brand (2 23 42 8) + +OID = 06 04 67 2A 08 01 +Comment = SET brand +Description = IATA-ATA (2 23 42 8 1) + +OID = 06 04 67 2A 08 04 +Comment = SET brand +Description = VISA (2 23 42 8 4) + +OID = 06 04 67 2A 08 05 +Comment = SET brand +Description = MasterCard (2 23 42 8 5) + +OID = 06 04 67 2A 08 1E +Comment = SET brand +Description = Diners (2 23 42 8 30) + +OID = 06 04 67 2A 08 22 +Comment = SET brand +Description = AmericanExpress (2 23 42 8 34) + +OID = 06 05 67 2A 08 AE 7B +Comment = SET brand +Description = Novus (2 23 42 8 6011) + +OID = 06 03 67 2A 09 +Comment = SET +Description = vendor (2 23 42 9) + +OID = 06 04 67 2A 09 00 +Comment = SET 
vendor +Description = GlobeSet (2 23 42 9 0) + +OID = 06 04 67 2A 09 01 +Comment = SET vendor +Description = IBM (2 23 42 9 1) + +OID = 06 04 67 2A 09 02 +Comment = SET vendor +Description = CyberCash (2 23 42 9 2) + +OID = 06 04 67 2A 09 03 +Comment = SET vendor +Description = Terisa (2 23 42 9 3) + +OID = 06 04 67 2A 09 04 +Comment = SET vendor +Description = RSADSI (2 23 42 9 4) + +OID = 06 04 67 2A 09 05 +Comment = SET vendor +Description = VeriFone (2 23 42 9 5) + +OID = 06 04 67 2A 09 06 +Comment = SET vendor +Description = TrinTech (2 23 42 9 6) + +OID = 06 04 67 2A 09 07 +Comment = SET vendor +Description = BankGate (2 23 42 9 7) + +OID = 06 04 67 2A 09 08 +Comment = SET vendor +Description = GTE (2 23 42 9 8) + +OID = 06 04 67 2A 09 09 +Comment = SET vendor +Description = CompuSource (2 23 42 9 9) + +OID = 06 04 67 2A 09 0A +Comment = SET vendor +Description = Griffin (2 23 42 9 10) + +OID = 06 04 67 2A 09 0B +Comment = SET vendor +Description = Certicom (2 23 42 9 11) + +OID = 06 04 67 2A 09 0C +Comment = SET vendor +Description = OSS (2 23 42 9 12) + +OID = 06 04 67 2A 09 0D +Comment = SET vendor +Description = TenthMountain (2 23 42 9 13) + +OID = 06 04 67 2A 09 0E +Comment = SET vendor +Description = Antares (2 23 42 9 14) + +OID = 06 04 67 2A 09 0F +Comment = SET vendor +Description = ECC (2 23 42 9 15) + +OID = 06 04 67 2A 09 10 +Comment = SET vendor +Description = Maithean (2 23 42 9 16) + +OID = 06 04 67 2A 09 11 +Comment = SET vendor +Description = Netscape (2 23 42 9 17) + +OID = 06 04 67 2A 09 12 +Comment = SET vendor +Description = Verisign (2 23 42 9 18) + +OID = 06 04 67 2A 09 13 +Comment = SET vendor +Description = BlueMoney (2 23 42 9 19) + +OID = 06 04 67 2A 09 14 +Comment = SET vendor +Description = Lacerte (2 23 42 9 20) + +OID = 06 04 67 2A 09 15 +Comment = SET vendor +Description = Fujitsu (2 23 42 9 21) + +OID = 06 04 67 2A 09 16 +Comment = SET vendor +Description = eLab (2 23 42 9 22) + +OID = 06 04 67 2A 09 17 +Comment = SET vendor 
+Description = Entrust (2 23 42 9 23) + +OID = 06 04 67 2A 09 18 +Comment = SET vendor +Description = VIAnet (2 23 42 9 24) + +OID = 06 04 67 2A 09 19 +Comment = SET vendor +Description = III (2 23 42 9 25) + +OID = 06 04 67 2A 09 1A +Comment = SET vendor +Description = OpenMarket (2 23 42 9 26) + +OID = 06 04 67 2A 09 1B +Comment = SET vendor +Description = Lexem (2 23 42 9 27) + +OID = 06 04 67 2A 09 1C +Comment = SET vendor +Description = Intertrader (2 23 42 9 28) + +OID = 06 04 67 2A 09 1D +Comment = SET vendor +Description = Persimmon (2 23 42 9 29) + +OID = 06 04 67 2A 09 1E +Comment = SET vendor +Description = NABLE (2 23 42 9 30) + +OID = 06 04 67 2A 09 1F +Comment = SET vendor +Description = espace-net (2 23 42 9 31) + +OID = 06 04 67 2A 09 20 +Comment = SET vendor +Description = Hitachi (2 23 42 9 32) + +OID = 06 04 67 2A 09 21 +Comment = SET vendor +Description = Microsoft (2 23 42 9 33) + +OID = 06 04 67 2A 09 22 +Comment = SET vendor +Description = NEC (2 23 42 9 34) + +OID = 06 04 67 2A 09 23 +Comment = SET vendor +Description = Mitsubishi (2 23 42 9 35) + +OID = 06 04 67 2A 09 24 +Comment = SET vendor +Description = NCR (2 23 42 9 36) + +OID = 06 04 67 2A 09 25 +Comment = SET vendor +Description = e-COMM (2 23 42 9 37) + +OID = 06 04 67 2A 09 26 +Comment = SET vendor +Description = Gemplus (2 23 42 9 38) + +OID = 06 03 67 2A 0A +Comment = SET +Description = national (2 23 42 10) + +OID = 06 05 67 2A 0A E2 00 +Comment = SET national +Description = Japan (2 23 42 10 392) + +# Draft SET. These were invented for testing in pre-1.0 drafts, but have +# been used nonetheless by implementors + +OID = 06 04 86 8D 6F 02 +Comment = SET. Deprecated, use (2 23 42 7 0) instead +Description = hashedRootKey (2 54 1775 2) +Warning + +OID = 06 04 86 8D 6F 03 +Comment = SET. Deprecated, use (2 23 42 7 0) instead +Description = certificateType (2 54 1775 3) +Warning + +OID = 06 04 86 8D 6F 04 +Comment = SET. 
Deprecated, use (2 23 42 7 0) instead
+Description = merchantData (2 54 1775 4)
+Warning
+
+OID = 06 04 86 8D 6F 05
+Comment = SET. Deprecated, use (2 23 42 7 0) instead
+Description = cardCertRequired (2 54 1775 5)
+Warning
+
+OID = 06 04 86 8D 6F 06
+Comment = SET. Deprecated, use (2 23 42 7 0) instead
+Description = tunneling (2 54 1775 6)
+Warning
+
+OID = 06 04 86 8D 6F 07
+Comment = SET. Deprecated, use (2 23 42 7 0) instead
+Description = setQualifier (2 54 1775 7)
+Warning
+
+OID = 06 04 86 8D 6F 63
+Comment = SET. Deprecated, use (2 23 42 7 0) instead
+Description = set-data (2 54 1775 99)
+Warning
+
+# End of Fahnenstange
diff --git a/dumpasn1.spec b/dumpasn1.spec
new file mode 100644
index 0000000..2bbcc3b
--- /dev/null
+++ b/dumpasn1.spec
@@ -0,0 +1,61 @@
+Name: dumpasn1
+Version: 20050404
+Release: 0.1
+Summary: ASN.1 object dump utility
+
+Group: Development/Tools
+License: Public Domain
+URL: http://www.cs.auckland.ac.nz/~pgut001/
+Source0: http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.c
+Source1: http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.cfg
+Patch0: http://ftp.debian.org/debian/pool/main/d/dumpasn1/%{name}_20030222-1.diff.gz
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+BuildRequires: sed >= 3.95
+
+%description
+dumpasn1 is an ASN.1 object dump program that will dump data encoded
+using any of the ASN.1 encoding rules in a variety of user-specified
+formats.
+
+
+%prep
+%setup -q -c -T
+install -pm 644 %{SOURCE0} .
+%patch0 -p1
+sed -i -e 's|\bgcc |\$(CC) \$(RPM_OPT_FLAGS) |' Makefile
+sed -i -e 's|/etc/dumpasn1/|%{_sysconfdir}/dumpasn1/|' dumpasn1.{c,1*}
+
+
+%build
+make %{?_smp_mflags} CC="%{__cc}"
+
+
+%install
+rm -rf $RPM_BUILD_ROOT
+install -Dpm 755 dumpasn1 $RPM_BUILD_ROOT%{_bindir}/dumpasn1
+install -Dpm 644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/dumpasn1/dumpasn1.cfg
+install -Dpm 644 dumpasn1.1 $RPM_BUILD_ROOT%{_mandir}/man1/dumpasn1.1
+
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+
+%files
+%defattr(-,root,root,-)
+%doc debian/README.Debian debian/copyright
+%config(noreplace) %{_sysconfdir}/dumpasn1/
+%{_bindir}/dumpasn1
+%{_mandir}/man1/dumpasn1.1*
+
+
+%changelog
+* Tue Aug 9 2005 Ville Skyttä - 20050404-0.1
+- Update to 20050404.
+
+* Sun May 29 2005 Ville Skyttä - 20030222-0.1
+- Rebuild for FC4.
+
+* Mon Aug 30 2004 Ville Skyttä - 0:20030222-0.fdr.1
+- First build, based on Debian package.
diff --git a/sources b/sources
index e69de29..fdccb5d 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+4d3bff6213cc455af94846a0485ca743 dumpasn1_20030222-1.diff.gz
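Review bot: Source0 and Source1 in the dumpasn1.spec hunk are unversioned plain-HTTP URLs (`dumpasn1.c`, `dumpasn1.cfg`), so nothing in the spec ties the packaged files to `Version: 20050404`, and the `sources` hunk that follows records a checksum only for the Debian diff. If upstream replaces those files in place, which the fixed file names suggest, a later rebuild that fetches from the URLs could package code that differs from what was reviewed, with no integrity check to notice it. I would add a comment above Source0 such as `# Upstream overwrites these files in place; build only from the copies tracked with this package` and record checksums for both files next to the existing entry. Patch0 is also still the `20030222-1` diff while Version is 20050404, so it is worth confirming that `%patch0 -p1` applies cleanly to the newer source rather than with fuzz.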